Dell DRAC 5 Troubleshooting

DRAC 5
Dell Remote Access Card 5 Security
Information in this document is subject to change without notice. © Copyright 2006 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. Dell, the Dell Logo, and OpenManage are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
Table of Contents
TERMINOLOGY .... 4
INTRODUCTION .... 6
AUTHENTICATION AND AUTHORIZATION .... 7
    Log in via Local Account .... 7
        RAC Login User Privilege .... 8
        RAC Card Configuration Privilege .... 8
        RAC User Configuration Privilege .... 8
        RAC Log Clear Privilege .... 8
        RAC Server Reset and Power-on/off Privilege .... 8
        RAC Console Redirection Privilege .... 8
        RAC Virtual Media Privilege .... 8
        RAC Test Alert Privilege .... 8
        RAC Debug Command Privilege .... 8
    Log in via Active Directory With Dell Schema Extension .... 8
    Log in via Active Directory Without Dell Schema Extension .... 10
ENCRYPTION .... 12
    SSL Certificate Management .... 12
    Supported SSL Cipher Suites .... 12
    Secure Shell Encryption .... 13
    IPMI RMCP+ Encryption .... 13
EVENT LOGGING .... 14
    Log Format .... 14
    Log Events .... 14
ACCESS TO DRAC 5 .... 15
    Disabling Services and Changing the Service Port Number .... 15
    Security Policy .... 17
        IP Blocking .... 17
        Invalid Login Attack Blocking .... 17
SHARED NIC SECURITY .... 19
    Web Browser Security .... 20
    Remote CLI Security .... 20
    Local CLI Security .... 20
    SSH Security .... 20
    SNMP Security .... 21
    Virtual Media Security .... 21
PAGE 2 OF 24
    Console Redirection Security .... 22
        Authentication and Encryption .... 22
        User Session Privacy .... 23
    IPMI Out-of-Band Access Security .... 24
Terminology

Term      Definition
CA        Certificate Authorization
CAST 128  CAST Algorithm 128-bit
CD        Compact Disk
CLI       Command Line Interface
CSR       Certificate Signing Request
3DES      Triple Data Encryption Standard
DH        Diffie-Hellman
DNS       Domain Name Server
DRAC 5    Dell Remote Access Controller
DSA       Digital Signature Algorithm
GUI       Graphic User Interface
HTTP      Hypertext Transfer Protocol
HTTPS     Hypertext Transfer Protocol Secure
IP        Internet Protocol
IPMI      Intelligent Platform Management Interface
KVM       Keyboard Video Mouse
LAN       Local Area Network
LDAP      Lightweight Directory Access Protocol
LDAPS     Lightweight Directory Access Protocol Secure
LOM       Lay on Mother Board
MAC       Media Access Control
MD5       Message Digest Algorithm Number 5
MS        Microsoft
NIC       Network Interface Card
NVRAM     Non-Volatile Random Access Memory
OS        Operating System
PET       Platform Event Trap
PKI       Public Key Infrastructure
RAC       Remote Access Controller
RC4       ARC Four Algorithm
RMCP      Remote Management Control Protocol
RSA       Rivest Shamir Adleman
SEL       System Event Log
SHA1      Secure Hash Algorithm
SMCLP     Server Management Command Line Protocol
SMTP      Simple Mail Transfer Protocol
SNMP      Simple Network Management Protocol
SOL       Serial Over LAN
SSH       Secured Shell
SSL       Secured Socket Layer
TCP       Transmission Control Protocol
TCP/IP    Transmission Control Protocol/Internet Protocol
TFTP      Trivial File Transfer Protocol
TLS1.0    Transport Layer Security
UDP       User Datagram Protocol
URL       Uniform Resource Locator
VLAN      Virtual Local Area Network
VNC       Virtual Network Computing
Introduction
Today, managing distributed servers from a remote location is a critical requirement. DRAC 5 enables users to remotely monitor, troubleshoot, and repair servers even when the server is down. DRAC 5 offers a rich set of features like virtual media, virtual KVM, and so on, which have the potential to make the system prone to security risks. DRAC 5 security features mitigate the security risks that exist while data is being transmitted across the network. This white paper briefly describes the security features that DRAC 5 uses to help ensure authentication, authorization, privacy, and data integrity.
Authentication and Authorization
Log in via Local Account
The DRAC 5 ships with a default local user account that is pre-configured with an administrator role. The default user name is “root” and the password for this user is “calvin”.
Dell strongly recommends changing this default setting during deployment of the DRAC 5.
DRAC 5 supports up to 16 local users. Each user can be enabled or disabled. You can secure the DRAC 5 by disabling all local user accounts and using only Microsoft® Active Directory® users, since Active Directory is considered to have stronger security policy management. Local users’ user names and passwords can be changed. The DRAC 5 local user account policy is as follows:
    Anonymous user is NOT supported
    NULL user name is NOT supported
    NULL password is NOT supported
    Maximum user name length is 16 characters
    Maximum user password length is 20 characters
DRAC 5 local user account information is stored in NVRAM and is encrypted via a proprietary algorithm.
DRAC 5 supports privilege-based access to a DRAC. Every local user or Active Directory user has a privilege set associated with it. The privilege is per channel per user. The privilege set decides what kind of rights a user has on the DRAC 5 on each of the access channels.
There are three types of access channels on DRAC 5:
    IPMI LAN channel
    IPMI Serial channel
    RAC channel – including RAC web GUI, RAC serial/telnet/SSH console, RACADM CLI, RAC SM-CLP, RAC virtual media, RAC console redirection
IPMI LAN and IPMI serial channel privileges are defined in the IPMI 2.0 specification. (See IPMI Out-of-band Access Security for further information.)
The DRAC 5 RAC channel has nine privileges. Each user can have any combination of the nine privileges. The nine privileges are as follows:
RAC Login User Privilege
This privilege allows a user to log in to the DRAC 5 card. An administrator can easily disable a user from a DRAC 5 by removing this privilege. Removing the login privilege from a user is not the same as deleting a user. The user will remain in the user database but will not be able to log in and use this DRAC 5 card. An administrator can quickly re-enable this user by granting the login privilege without having to totally reconfigure this user.
RAC Card Configuration Privilege
This privilege allows a user to change all DRAC 5 card configurations except for the user configuration, for example, out-of-band NIC configuration, SNMP trap configuration, SSL certificate configuration, and so on.
RAC User Configuration Privilege
This privilege allows a user to add or delete a user or change existing user privileges.
RAC Log Clear Privilege
This privilege allows a user to clear the System Event Log (SEL), RAC log, or last crash screen log.
RAC Server Reset and Power-on/off Privilege
This privilege allows a user to do any power management operation (like reset or power-on/off a system).
RAC Console Redirection Privilege
This privilege allows a user to use the console redirection feature.
RAC Virtual Media Privilege
This privilege allows a user to use the virtual media feature.
RAC Test Alert Privilege
This privilege allows a user to submit a request to DRAC 5 to test an SNMP trap alert to a pre-configured destination.
RAC Debug Command Privilege
This privilege allows a user to issue any debug command. Most debug commands are used to help debug or diagnose a DRAC 5.
Dell strongly recommends assigning this privilege only to administrators or service personnel required to help debug or diagnose the DRAC 5.
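As an added example (not Dell's code or any DRAC 5 tool), this Python models the local account policy and the nine RAC-channel privileges described above as a flag set and runs a defender-side audit over a configured user list: the unchanged root/calvin default, policy violations, and Debug Command privilege on non-administrators, plus disabling a user by removing only the Login privilege. The bit positions, the administrator marker and the rule that a RAC action also needs the Login privilege are assumptions of this example, not statements from the paper.

```python
from dataclasses import dataclass
from enum import IntFlag

class RacPriv(IntFlag):
    # The nine RAC-channel privileges in the paper's order; bit positions are assumed here.
    LOGIN = 1 << 0
    CARD_CONFIG = 1 << 1
    USER_CONFIG = 1 << 2
    LOG_CLEAR = 1 << 3
    SERVER_POWER = 1 << 4
    CONSOLE_REDIRECT = 1 << 5
    VIRTUAL_MEDIA = 1 << 6
    TEST_ALERT = 1 << 7
    DEBUG_CMD = 1 << 8

ADMIN = RacPriv(0x1FF)  # all nine privileges: the role of the factory-default root account
ADMIN_BITS = RacPriv.CARD_CONFIG | RacPriv.USER_CONFIG  # assumed marker of an administrator
MAX_USERS, MAX_NAME, MAX_PASSWORD = 16, 16, 20  # limits stated in the paper

@dataclass
class LocalUser:
    name: str
    password: str
    privs: RacPriv
    enabled: bool = True

def policy_violations(u):
    rules = [(not u.name, "NULL user name"), (not u.password, "NULL password"),
             (len(u.name) > MAX_NAME, "user name longer than 16 characters"),
             (len(u.password) > MAX_PASSWORD, "password longer than 20 characters")]
    return [msg for bad, msg in rules if bad]

def authorized(u, priv):
    """Assumed rule: a RAC-channel action needs Login plus the specific privilege."""
    return u.enabled and RacPriv.LOGIN in u.privs and priv in u.privs

def disable_login(u):
    """Disable without deleting: clear only the Login bit and keep the rest of the config."""
    u.privs = RacPriv(int(u.privs) & ~RacPriv.LOGIN.value)
    return u

def audit(users):
    findings = ["%d users exceeds the 16-user limit" % len(users)] if len(users) > MAX_USERS else []
    for u in users:
        findings += ["%r: %s" % (u.name, v) for v in policy_violations(u)]
        if (u.name, u.password) == ("root", "calvin") and authorized(u, RacPriv.LOGIN):
            findings.append("factory default root/calvin still enabled")
        if RacPriv.DEBUG_CMD in u.privs and ADMIN_BITS not in u.privs:
            findings.append("%r: Debug Command privilege on a non-administrator" % u.name)
    return findings
```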
Log in via Active Directory With Dell Schema Extension
A directory service maintains a common database of all information needed for controlling users, computers, printers and so forth on a network. If your company uses the Active Directory service software, you can configure the software to provide access to the DRAC 5, allowing you to add and control DRAC 5 user privileges to existing users in the Active Directory software.