Dell PowerEdge R830 Lifecycle Controller Remote Services v2.70.70.70 Quick Sta - Page 14

Configuring advanced security using hash password, Configuring USB management port, Monitor



Configuring advanced security using hash password

You can set user passwords and BIOS passwords using a one-way hash format in iDRAC available on the 13th generation Dell PowerEdge servers. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.

With the new password hash feature, you can:

  • Generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. New attributes are created to represent the hash representation of the password.
  • Export the Server Configuration Profiles file with the password that has the hash values. Use the ExportSystemConfiguration method and include the password hash values that should be exported to the IncludeInExport parameter.

The hash password can be generated with and without Salt using SHA256. Whether the Salt string is used or null, it should always be set along with the SHA256SystemPassword.

NOTE: If the iDRAC user account’s password is set with the SHA256 password hash (SHA256Password) only and not the other hashes (SHA1v3Key, MD5v3Key), authentication through SNMPv3 is lost. Authentication through IPMI is always lost when hash is used to set the user account’s password.

For more information on using hash password, see the iDRAC Card and BIOS and BootManagement profile documents available at en.community.dell.com/techcenter/systems-management/w/wiki/1906.dcim-library-profile.aspx.
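The following sketch is an added example, not Dell code: it generates a salted SHA256 hash pair and flags the authentication side effects described in the NOTE above before a planned attribute set is pushed. It assumes the hash is SHA256 over the password bytes followed by the salt bytes with a 16-byte salt, and the salt attribute names SHA256PasswordSalt and SHA256SystemPasswordSalt are assumptions not named on this page; confirm all of these against the profile documents.

```python
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

SALT_LEN = 16  # assumption: 16-byte salt; confirm in the iDRAC Card profile


def make_hash_pair(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Return (hash_hex, salt_hex); pass salt=b"" for an unsalted hash.

    Assumption: the hash is SHA256 over password bytes followed by salt bytes.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)  # fresh random salt per account
    digest = hashlib.sha256(password.encode("utf-8") + salt).hexdigest()
    return digest, salt.hex()


def review_attributes(attrs: Dict[str, str]) -> List[str]:
    """Flag the side effects the NOTE describes for a planned attribute set."""
    findings = []
    if "SHA256Password" in attrs:
        # Per the NOTE: IPMI authentication is always lost when a hash is used.
        findings.append("IPMI authentication is lost for this account")
        if not ("SHA1v3Key" in attrs and "MD5v3Key" in attrs):
            findings.append("SNMPv3 authentication is lost: SHA1v3Key/MD5v3Key not set")
    if "SHA256SystemPassword" in attrs and "SHA256SystemPasswordSalt" not in attrs:
        # Assumed attribute name; the salt must be set even when it is empty.
        findings.append("salt must be set along with SHA256SystemPassword")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    user_hash, user_salt = make_hash_pair("SamplePassw0rd!")
    user_plan = {"SHA256Password": user_hash, "SHA256PasswordSalt": user_salt}
    bios_hash, _ = make_hash_pair("SampleBiosPw", b"")
    bios_plan = {"SHA256SystemPassword": bios_hash}  # salt attribute forgotten
    for plan in (user_plan, bios_plan):
        for finding in review_attributes(plan):
            print("WARN:", finding)
```

Running the review before applying a profile shows which accounts will stop working over SNMPv3 or IPMI, so monitoring and out-of-band tooling can be moved to another account first.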
Configuring USB management port

On the 13th generation of PowerEdge servers monitored by iDRAC, you can perform the following functions on a USB port and USB drive:

  • Manage the status of the server’s USB management port. If the status is disabled, iDRAC does not process a USB device or host connected to the managed USB port.
  • Configure the USB Management Port Mode to determine whether the USB port is used by iDRAC or the operating system.
  • View the overcurrent alert generated when a device exceeds the power requirement permitted by USB specification. Configure the overcurrent alert to generate the WS-Events.
  • View the inventory of the USB device such as FQDD, device description, protocol, vendor ID, product ID, and so on, when the device is connected.
  • Configure a server by using files stored on a USB drive that is inserted into a USB port, which is monitored by an iDRAC. This configuration allows creation of a job to track progress and logging the results in the Lifecycle log. The rules for discovering the Server Configuration profile and naming are the same as DHCP provisioning. For more information, see en.community.dell.com/techcenter/extras/m/white_papers.

NOTE: The USB configuration setting controls whether the configuration of the system is allowed from a USB drive. The default setting only applies the configuration from the USB when the iDRAC user password and BIOS are still default.

For more information about the USB device management, see the USB device profile document available at en.community.dell.com/techcenter/systems-management/w/wiki/1906.dcim-library-profile.aspx.
Monitor

Using various Lifecycle Controller-Remote Services capabilities, you can monitor a system throughout its lifecycle. Current and factory-shipped hardware inventory, Lifecycle Log, System Event Log, and Firmware Inventory are some of the features that help you monitor the system.

Collecting system inventory

When Collect System Inventory On Restart (CSIOR) is set to enabled, Lifecycle Controller performs an inventory and collects the configuration information for all hardware on every system restart. The system inventory collection also detects any changes in hardware. If the Part Replacement feature is enabled and CSIOR detects that the managed hardware is replaced, Lifecycle Controller restores the previous configuration and firmware on the newly installed device based on the inventory collected during the previous system restart.

The CSIOR setting is enabled by default and it can be disabled locally by using Lifecycle Controller or remotely with RACADM, WS-MAN, or iDRAC RESTful API with Redfish. You can change the settings to one of the following:
Remote Services Features