Dell OpenManage Server Administrator Version 7.0 Manual

Dell OpenManage
Server Administrator
Version 7.0
User’s Guide
Notes and Cautions
NOTE: A NOTE indicates important information that helps you make better use of
your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of
data and tells you how to avoid the problem.
____________________
Information in this publication is subject to change without notice. © 2012 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell™, the DELL logo, PowerEdge™, PowerVault™, and OpenManage™ are trademarks of Dell Inc. Microsoft Directory Corporation in the United States and/or other countries. EMC Corporation. Java® is a registered trademarks of Oracle and/or its affiliates. Novell registered trademarks of Novell, Inc. in the United States and other countries. Red Hat Enterprise Linux VMware States and/or other jurisdictions. Mozilla Foundation. Citrix trademarks of Citrix Systems, Inc. in the United States and/or other countries.
Server Administrator includes software developed by the Apache Software Foundation (www.apache.org). Server Administrator utilizes the OverLIB JavaScript library. This library can be obtained from www.bosrup.com.
Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
2012 - 03
®
, and Windows Server® are either trademarks or registered trademarks of Microsoft
®
®
are registered trademarks of Red Hat, Inc. in the United States and other countries.
is a registered trademark and ESX Server™ is a trademark of VMware Inc in the United
®
, Xen®, XenServer®, and XenMotion® are either registered trademarks or
®
and Firefox® are registered trademarks of the Mozilla
®
, Windows®, Internet Explorer®, Active
®
is a registered trademark of EMC
®
and SUSE® are
®
and Red Hat
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 9
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 9
What’s New in this Release . . . . . . . . . . . . . . . 11
Installation
Updating Individual System Components
. . . . . . . . . . . . . . . . . . . . . 10
. . . . . 10
Storage Management Service . . . . . . . . . . . 10
Instrumentation Service
Remote Access Controller
. . . . . . . . . . . . . . 11
. . . . . . . . . . . . . 11
Logs . . . . . . . . . . . . . . . . . . . . . . . . 11
Systems Management Standards Availability
Availability on Supported Operating Systems
Server Administrator Home Page
Other Documents You May Need
. . . . . . . . . . . . 15
. . . . . . . . . . . . 15
. . . . . 13
. . . 14
Obtaining Technical Assistance . . . . . . . . . . . . 17
2 Setup and Administration . . . . . . . . . . . . 19
Security Management . . . . . . . . . . . . . . . . . . 19
Role-Based Access Control
Authentication
. . . . . . . . . . . . . . . . . . . 21
Microsoft Windows Authentication
Red Hat Enterprise Linux and SUSE Linux Enterprise Server Authentication
VMware ESX Server 4.X Authentication
. . . . . . . . . . . . 19
. . . . . . . . 21
. . . . . . . . . 21
. . . . . . 21
Contents 3
VMware ESXi Server 5.X P1 Authentication . . . . 22
Encryption . . . . . . . . . . . . . . . . . . . . . 22
Assigning User Privileges . . . . . . . . . . . . . . . . 22
Creating Server Administrator Users for Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems
. . . . 23
Editing Server Administrator User Privileges on
Linux Operating Systems . . . . . . . . . . . . . . 25
Creating Server Administrator Users for VMware ESX 4.X, ESXi 4.X, and ESXi 5.X
. . . . . . . . . . . 26
Disabling Guest and Anonymous Accounts in Supported Windows Operating Systems
. . . . . . . . 27
Configuring the SNMP Agent
. . . . . . . . . . . . . . 27
Configuring the SNMP Agent for Systems Running Supported Windows Operating Systems
. . . . . . 29
Configuring the SNMP Agent on Systems Running
Supported Red Hat Enterprise Linux . . . . . . . . 32
Configuring the SNMP Agent on Systems Running
Supported SUSE Linux Enterprise Server . . . . . 35
Configuring the SNMP Agent on Systems Running Supported VMware ESX 4.X Operating Systems
to Proxy VMware MIBs . . . . . . . . . . . . . . 38
Configuring the SNMP Agent on Systems Running Supported VMware ESXi 4.X and ESXi 5.X Operating Systems
. . . . . . . . . . . . . . . . . 41
Firewall Configuration on Systems Running Supported Red Hat Enterprise Linux Operating Systems and SUSE Linux Enterprise Server
. . . . . . . . . . . . . . 42
3 Using Server Administrator . . . . . . . . . . . 45
Starting Your Server Administrator Session . . . . . . 45
Logging In and Out
. . . . . . . . . . . . . . . . . . . . 45
4 Contents
Server Administrator Local System Login . . . . . 45
Server Administrator Managed System Login . . . 46
Central Web Server Login
Single Sign-On
. . . . . . . . . . . . . . . . . . . 48
. . . . . . . . . . . . . 47
Configuring Security Settings on Systems Running a Supported Microsoft Windows
Operating System . . . . . . . . . . . . . . . . . 50
The Server Administrator Home Page
. . . . . . . . . 51
Server Administrator User Interface Differences Across Modular and Non-Modular Systems
. . . 54
Global Navigation Bar . . . . . . . . . . . . . . . 55
System Tree
Action Window
Using the Online Help
Using the Preferences Home Page
Managed System Preferences
. . . . . . . . . . . . . . . . . . . . 55
. . . . . . . . . . . . . . . . . . . 56
. . . . . . . . . . . . . . . . . . 58
. . . . . . . . . . . 59
. . . . . . . . . . . 60
Server Administrator Web Server Preferences
Server Administrator Web Server Action Tabs
. . . . . . . . . . . . . . . . . . . . 61
. . . . . 65
Using the Server Administrator Command Line Interface
. . . . . . . . . . . . . . . . . . . . . . . . . 65
4 Server Administrator Services . . . . . . . . 67
Overview . . . . . . . . . . . . . . . . . . . . . . . . 67
Managing Your System
Managing System/Server Module Tree Objects
. . . . . . . . . . . . . . . . . 68
. . . . 68
Server Administrator Home Page System Tree Objects
Contents 5
69
Unsupported Features in OpenManage Server Administrator
Modular Enclosure
System/Server Module
. . . . . . . . . . . . . . . . . . . . 69
. . . . . . . . . . . . . . . . . 70
. . . . . . . . . . . . . . . 71
Managing Preferences: Home Page Configuration
Options
. . . . . . . . . . . . . . . . . . . . . . . . . 91
General Settings
. . . . . . . . . . . . . . . . . . 91
Server Administrator . . . . . . . . . . . . . . . . 92
5 Working With Remote Access
Controller 93
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 93
Viewing Basic Information . . . . . . . . . . . . . . . 95
Configuring the Remote Access Device to Use a LAN Connection
Configuring the Remote Access Device to use a Serial Port Connection
Configuring the Remote Access Device to Use a
Serial Over LAN Connection
. . . . . . . . . . . . . . . . . . . . . . . . 96
. . . . . . . . . . . . . . . . . 99
. . . . . . . . . . . . . . 100
6 Server Administrator Logs . . . . . . . . . . 105
6 Contents
Additional Configuration for iDRAC
Configuring Remote Access Device Users
Setting Platform Event Filter Alerts
Setting Platform Event Alert Destinations
. . . . . . . . . . . 101
. . . . . . . 101
. . . . . . . . . . . 102
. . . . . 104
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 105
Integrated Features . . . . . . . . . . . . . . . . . . . 105
Log Window Task Buttons
. . . . . . . . . . . . . 105
Server Administrator Logs
Hardware Log
Alert Log
. . . . . . . . . . . . . . . . . . . . . . 107
. . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . 106
Command Log . . . . . . . . . . . . . . . . . . . 108
7 Setting Alert Actions . . . . . . . . . . . . . . . 109
Setting Alert Actions for Systems Running Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems
. . . . . . . . . . . . . . . . 109
Setting Alert Actions in Microsoft Windows Server 2003 and Windows Server 2008
. . . . . . . . . . . . . 110
Setting Alert Action Execute Application in Windows Server 2008
. . . . . . . . . . . . . . . . . . . . . . . 111
BMC/iDRAC Platform Events Filter Alert Messages
. . . . . . . . . . . . . . . . . . . . . . . . 112
A Troubleshooting . . . . . . . . . . . . . . . . . . 115
Connection Service Failure . . . . . . . . . . . . . . . 115
Login Failure Scenarios
. . . . . . . . . . . . . . . . . 115
Fixing a Faulty Server Administrator Installation on Supported Windows Operating Systems
OpenManage Server Administrator Services
. . . . . . 116
. . . . . 117
Contents 7
B Frequently Asked Questions . . . . . . . . . 121
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
8 Contents
1

Introduction

Overview

Dell OpenManage Server Administrator (OMSA) provides a comprehensive, one-to-one systems management solution in two ways: from an integrated, web browser-based graphical user interface (GUI) and from a command line interface (CLI) through the operating system. Server Administrator is designed for system administrators to manage systems locally and remotely on a network. It allows system administrators to focus on managing their entire network by providing comprehensive one-to-one systems management.
In the context of Server Administrator, a system refers to a stand-alone system, a system with attached network storage units in a separate chassis, or a modular system consisting of one or more server modules in a modular enclosure.
Server Administrator provides information about:
Systems that are operating properly and systems that have problems
Systems that require remote recovery operations
Server Administrator provides easy-to-use management and administration of local and remote systems through a comprehensive set of integrated management services. Server Administrator is the sole installation on the system being managed and is accessible both locally and remotely from the Server Administrator home page. Remotely monitored systems may be accessed through dial-in, LAN, or wireless connections. Server Administrator ensures the security of its management connections through role-based access control (RBAC), authentication, and secure socket layer (SSL) encryption.
Introduction 9

Installation

You can install Server Administrator using the Dell Systems Management Tools and Documentation DVD. The DVD provides a setup program to install,
upgrade, and uninstall Server Administrator, managed system and management station software components. Additionally, you can install Server Administrator on multiple systems through an unattended installation across a network.
The Dell OpenManage installer provides installation scripts and RPM packages to install and uninstall Dell OpenManage Server Administrator and other managed system software components on your managed system. For more information, see the Dell OpenManage Server Administrator Installation
Guide and the Dell OpenManage Management Station Software Installation Guide at support.dell.com/manuals.
NOTE: When you install the open source packages from the Dell Systems
Management Tools and Documentation DVD, the corresponding license files are
automatically copied to the system. When you remove these packages, the corresponding files are removed.
If you have a modular system, you must install Server Administrator on each server module installed in the chassis.

Updating Individual System Components

To update individual system components, use component-specific Dell Update Packages. Use the Dell Server Updates DVD to view the complete version report and to update an entire system. The Server Update Utility is a DVD-ROM–based application for identifying and applying updates to your system. The Server Update Utility can be downloaded from support.dell.com.
See the Server Update Utility User's Guide for more information about obtaining and using the Server Update Utility (SUU) to update your Dell Systems or to view the updates available for any systems listed in the Repository.

Storage Management Service

The Storage Management Service provides storage management information in an integrated graphical view.
For detailed information on the Storage Management Service, see the Dell OpenManage Server Administrator Storage Management User's Guide at support.dell.com/manuals.
10 Introduction

Instrumentation Service

The Instrumentation Service provides rapid access to detailed fault and performance information gathered by industry-standard systems management agents and allows remote administration of monitored systems, including shutdown, startup, and security.

Remote Access Controller

The Remote Access Controller provides a complete remote system management solution for systems equipped with the Dell Remote Access Controller (DRAC) or Baseboard Management Controller (BMC)/Integrated Dell Remote Access Controller (iDRAC) solution. The Remote Access Controller provides remote access to an inoperable system, allowing you to get the system up and running as quickly as possible. The Remote Access Controller also provides an alert notification when a system is down and allows you to remotely restart the system. Additionally, the Remote Access Controller logs the probable cause of system crashes and saves the most recent crash screen.

Logs

Server Administrator displays logs of commands issued to or by the system, monitored hardware events, and system alerts. You can view logs on the home page, print or save them as reports, and send them by e-mail to a designated service contact.

What’s New in this Release

The highlights of this release of OpenManage Server Administrator are:
Added support for the following operating systems:
VMware ESXi 5.0 FP1
SUSE Enterprise Linux 11 SP2 x86_64
NOTE: Microsoft Windows 2003 is not supported on yx2x systems.
Added support for the following browsers:
Internet Explorer 9.0
Mozilla Firefox 6.0 and 7.0
•Added support for
yx2x
systems
Introduction 11
Increased the Automatic System Recovery (ASR) Watchdog Timer limit to 720 seconds from 480 seconds.
BIOS settings grouped under specific categories on the BIOS settings page.
Added four new platform events for Internal Dual SD Module Cards:
Internal Dual SD Module Card Critical
Internal Dual SD Module Card Warning
Internal Dual SD Module Card Redundancy Lost
Internal Dual SD Module Card Absent
For more information, see PEF Alert Events.
Provision for selecting Primary and Failover networks for Remote Management (iDRAC7) NIC for yx2x systems.
Added feature for reporting Power Supply Unit (PSU) firmware version in the
Power Supplies Information
As per Citrix’s recommendation, the web server support from the Xenserver 6.0 managed node is deprecated to not load Dom0 with resource constrained options — Use the Server Administrator Web Server, installed on a separate system, to manage XenServer 6.0.
Failover Network attributed added for Integrated Dell Remote Access Controller (iDRAC) 7
Power Monitoring features are disabled if Enterprise license in iDRAC7 is absent
The BIOS System and Setup Password can be set using the Server Administrator Graphical User Interface (GUI) or Command Line Interface (CLI). In CLI, the password must be provided for every BIOS setup attribute configuration. You must also enter the Setup Password while using the Server Administrator GUI for modifying the BIOS setup attributes.
The Server Administrator carries the Java Run Time Environment (JRE)
1.6 Update 30 (1.60_30) to fetch the latest Java Security fixes.
As part of Remote Access (iDRAC7) properties, added on the Advanced Management Enablement Adapter (AMEA) is present.
Remote Access Information
page.
iDRAC Ports
page. This field indicates if
field is
12 Introduction
Deprecated support for Mozilla Firefox 3.6
Deprecated supported for
NOTE: The BIOS features and SD Module Card alerts are applicable to yx2x
and later systems.
For a list of platforms, operating systems, and browsers support added and deprecated, see the Dell Systems Software Support Matrix Version 7.0 at
support.dell.com/manualsSoftware Systems ManagementDell OpenManage
See the Server Administrator context-sensitive online help for more information on features introduced in this release.
Releases.
xx8x
systems

Systems Management Standards Availability

Dell OpenManage Server Administrator supports the following major systems management protocols:
HyperText Transfer Protocol Secure (HTTPS)
Common Information Model (CIM)
Simple Network Management Protocol (SNMP)
If your system supports SNMP, you must install and enable the service on your operating system. If SNMP services are available on your operating system, the Server Administrator installation program installs the supporting agents for SNMP.
HTTPS is supported on all operating systems. Support for CIM and SNMP is operating system dependent and, in some cases, operating system-version dependent.
For information on SNMP security concerns, see the Dell OpenManage Server Administrator readme file (packaged with the Server Administrator application) or at support.dell.com/manuals. You must apply updates from your operating system's master SNMP agents to ensure that Dell's SNMP subagents are secure.
Introduction 13

Availability on Supported Operating Systems

On supported Microsoft Windows operating systems, Server Administrator supports two systems management standards: CIM/WMI (Windows Management Instrumentation) and SNMP, while on supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server operating systems, Server Administrator supports the SNMP systems management standard.
Server Administrator adds considerable security to these systems management standards. All attributes set operations (for example, changing the value of an asset tag) must be performed with Dell OpenManage IT Assistant while logged in with the required authority.
Table 1-1 shows the systems management standards that are available for each supported operating system.
Table 1-1. Systems Management Standards Availability
Operating System SNMP CIM
Windows Server 2008 family and Windows Server 2003 family
Red Hat Enterprise Linux Available in the net-snmp
SUSE Linux Enterprise Server Available in the net-snmp
VMware ESX Available in the net-snmp
VMware ESXi SNMP trap support available
Citrix XenServer 6.0 Available in the net-snmp
Available from the operating system installation media
package from the operating system installation media
package from the operating system installation media
package installed by the operating system
NOTE: While ESXi supports
SNMP traps, it does not support hardware inventory through SNMP.
package from the operating system installation media
Always installed
Unavailable
Unavailable
Available
Available
Unavailable
14 Introduction

Server Administrator Home Page

The Server Administrator home page provides easy-to-set up and easy-to-use web browser-based system management tasks from the managed system or from a remote host through a LAN, dial-up service, or wireless network. When the Dell Systems Management Server Administrator Connection Service (DSM SA Connection Service) is installed and configured on the managed system, you can perform remote management functions from any system that has a supported Web browser and connection. Additionally, the Server Administrator home page provides extensive, context-sensitive online help.

Other Documents You May Need

In addition to this guide, you can access the following guides available at
support.dell.com/manuals. On the Manuals page, click SoftwareSystems Management. Click the appropriate product link on the right-side to access
the documents.
•The
•The
•The
•The
•The
•The
Dell Systems Software Support Matrix
various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems.
Dell OpenManage Server Administrator Installation Guide
instructions to help you install Dell OpenManage Server Administrator.
Dell OpenManage Management Station Software Installation Guide
contains instructions to help you install Dell OpenManage management station software.
Dell OpenManage Server Administrator SNMP Reference Guide
documents the Simple Network Management Protocol (SNMP) management information base (MIB).
Dell OpenManage Server Administrator CIM Reference Guide
the Common Information Model (CIM) provider, an extension of the standard management object format (MOF) file.
Dell OpenManage Server Administrator Messages Reference Guide
the messages that are displayed in your Alert log or on your operating system’s event viewer.
provides information about the
contains
documents
Server Administrator
home page
lists
Introduction 15
•The
•The
•The
•The
•The
•The
•The
•The
•The
•The
•The
•The
•The
•The
Dell OpenManage Server Administrator Command Line Interface
User's Guide
Administrator.
Integrated Dell Remote Access Controller User’s Guide
detailed information on configuring and using the iDRAC.
Dell Chassis Management Controller User’s Guide
information on installing, configuring and using CMC.
Dell Online Diagnostics User's Guide
on installing and using Online Diagnostics on your system.
Dell OpenManage Baseboard Management Controller Utilities
User Guide
Administrator to configure and manage your system's BMC.
Dell OpenManage Server Administrator Storage Management
User's Guide
managing local and remote storage attached to a system.
Dell Remote Access Controller Racadm User's Guide
information about using the racadm command-line utility.
Dell Remote Access Controller 5 User’s Guide
information about installing and configuring a DRAC 5 controller and using DRAC 5 to remotely access an inoperable system.
Dell Update Packages User's Guide
and using Dell Update Packages as part of your system update strategy.
Dell OpenManage Server Update Utility User's Guide
information about obtaining and using the Server Update Utility (SUU) to update your Dell systems or to view the updates available for any systems listed in the Repository.
Dell Management Console User’s Guide
installing, configuring, and using Dell Management Console.
Dell Lifecycle Controller User Guide
up and using the Unified Server Configurator to perform systems and storage management tasks throughout your system’s lifecycle.
Dell License Manager User’s Guide
managing component server licenses for Dell yx2x servers.
Glossary
documents the complete command line interface for Server
provides
provides detailed
provides complete information
provides additional information about using Server
is a comprehensive reference guide for configuring and
provides
provides complete
provides information about obtaining
provides
has information about
provides information on setting
provides information about
for information on terms used in this document.
16 Introduction

Obtaining Technical Assistance

If at any time you do not understand a procedure described in this guide or if your product does not perform as expected, help tools are available to assist you. For more information about these help tools, see “Getting Help” in your system's Hardware Owner’s Manual.
Additionally, Dell Enterprise Training and Certification is available; see dell.com/training for more information. This service may not be offered in all locations.
Introduction 17
18 Introduction
2

Setup and Administration

Security Management

Dell OpenManage Server Administrator provides security through Role­Based Access Control (RBAC), authentication, and encryption for both the web-based and command line interfaces.

Role-Based Access Control

RBAC manages security by determining the operations that can be executed by persons in particular roles. Each user is assigned one or more roles, and each role is assigned one or more user privileges that are permitted to users in that role. With RBAC, security administration corresponds closely to an organization's structure.
User Privileges
Server Administrator grants different access rights based on the user's assigned group privileges. The four user levels are: User, Power User, Administrator, and Elevated Administrator.
Users
can view most information.
Pow er Users
actions are to be performed when a warning or failure event occurs.
Administrators
Auto Recovery actions in case a system has a non-responsive operating system, and clear hardware, event, and command logs. also configure the system to send e-mails.
Elevated Administrators
can set warning threshold values and configure which alert
can configure and perform shutdown actions, configure
Administrators
can view and manage information.
can
Setup and Administration 19
Server Administrator grants read-only access to users logged in with User privileges, read and write access to users logged in with Power User privileges, and read, write, and administrator access to users logged in with Administrator and
Table 2-1. User Privileges
User Privileges Access Type
User Ye s No
Power User Ye s Yes
Administrator Ye s Yes
Elevated Administrator (Linux only) Yes Ye s
Elevated Administrator
View Manage
privileges. See Table 2-1.
Privilege Levels to Access Server Administrator Services
Table 2-2 summarizes the users who have privileges to access and manage Server Administrator services.
Table 2-2. Server Administrator User Privilege Levels
Service User Privilege Level Required
View Manage
Instrumentation U, P, A, EA P, A, EA
Remote Access U, P, A, EA A, EA
Storage Management U, P, A, EA A, EA
Table 2-3 defines the user privilege level abbreviations used in Table 2-2.
Table 2-3. Legend for Server Administrator User Privilege Levels
U User
P Power User
A Administrator
EA Elevated Administrator
20 Setup and Administration

Authentication

The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges. Additionally, when the command line interface (CLI) is invoked, the Server Administrator authentication scheme validates the context within which the current process is running. This authentication scheme ensures that all Server Administrator functions, whether accessed through the Server Administrator home page or CLI, are properly authenticated.

Microsoft Windows Authentication

For supported Microsoft Windows operating systems, Server Administrator authentication uses Integrated Windows Authentication (formerly called NTLM) to authenticate. This authentication system allows Server Administrator security to be incorporated in an overall security scheme foryournetwork.

Red Hat Enterprise Linux and SUSE Linux Enterprise Server Authentication

For supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server operating systems, Server Administrator uses various authentication methods based on the Pluggable Authentication Modules (PAM) library. Users can log in to Server Administrator either locally or remotely using different account management protocols, such as LDAP, NIS, Kerberos, and Winbind.

VMware ESX Server 4.X Authentication

VMware ESX Server uses the Pluggable Authentication Modules (PAM) structure for authentication when users access the ESX Server host. The PAM configuration for VMware services is located at /etc/pam.d/vmware-authd, which stores paths to authentication modules.
The default installation of ESX Server uses /etc/passwd authentication, just as Linux does, but you can configure ESX Server to use another distributed authentication mechanism.
NOTE: On systems running VMware ESX Server 4.x operating system, to login to
Server Administrator, all users require Administrator privileges. For information on assigning roles, see the VMware documentation.
Setup and Administration 21

VMware ESXi Server 5.X P1 Authentication

ESXi Server authenticates users accessing ESXi hosts using the vSphere/VI Client or Software Development Kit (SDK). The default installation of ESXi uses a local password database for authentication. ESXi authentication transactions with Server Administrator are also direct interactions with the vmware-hostd process. To make sure that authentication works efficiently for your site, perform basic tasks such as setting up users, groups, permissions, and roles, configuring user attributes, adding your own certificates, and determining whether you want to use SSL.
NOTE: On systems running VMware ESXi Server 5.0 P1 operating system, to login
to Server Administrator, all users require Administrator privileges. For information on assigning roles, see the VMware documentation.

Encryption

Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to ensure and protect the identity of the system being managed. Java Secure Socket Extension (JSSE) is used by supported Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems to protect the user credentials and other sensitive data that is transmitted over the socket connection when a user accesses the Server Administrator home page.

Assigning User Privileges

To ensure critical system component security, assign user privileges to all Dell OpenManage software users before installing Dell OpenManage software. New users can log in to Dell OpenManage software using their operating system user privileges.
CAUTION: To protect access to your critical system components,
assign a password to every user account that can access Dell OpenManage software. Users without an assigned password cannot log in to Dell OpenManage software on a system running Windows Server 2003 due to the operating system design.
CAUTION: Disable guest accounts for supported Windows operating systems to
protect access to your critical system components. Consider renaming the guest accounts so that remote scripts cannot enable the accounts using the default guest account names.
22 Setup and Administration
NOTE: For instructions on assigning user privileges for each supported operating
system, see your operating system documentation.
NOTE: Add new users to the operating system if you want to add users to
OpenManage software. You do not have to create new users from within the OpenManage software.
Adding Users to a Domain on Windows Operating Systems
NOTE: You must have Microsoft Active Directory installed on your system to
perform the following procedures. See "Using the Active Directory Login" on page 48 for more information about using Active Directory.
1
Navigate to
Users and Computers
2
In the console tree, right-click you want to add the new user, and then point to
3
Type the appropriate user name information in the dialog box, and then click
4
Click
5
Double-click the icon representing the user that you just created.
6
Click the
7
Click
8
Select the appropriate group and click
9
Click OK, and then click OK again.
Control Panel
Next
.
Next
, and then click
Member of
Add
.
.
tab.
Administrative Tools
Users
or right-click the container in which
Finish
.
Add
.
Active Directory
New
User
.
New users can log in to Dell OpenManage software with the user privileges for their assigned group and domain.

Creating Server Administrator Users for Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems

Administrator access privileges are assigned to the user logged in as root. To create users with User and Power User privileges, perform the following steps.
NOTE: You must be logged in as root or an equivalent user to perform
these procedures.
NOTE: You must have the useradd utility installed on your system to perform
these procedures.
Setup and Administration 23
Creating Users
NOTE: For information about creating users and user groups, see your operating
system documentation.
Creating Users With User Privileges
1
Run the following command from the command line:
useradd -d <
home-directory
> -g <
group
> <
username
>
where <group> is
NOTE: If <group> does not exist, create it by using the groupadd
command.
2
Ty p e
passwd <
3
When prompted, enter a password for the new user.
NOTE: Assign a password to every user account that can access Server
Administrator to protect access to your critical system components.
not root
.
username> and press <Enter>.
The new user can now log in to Server Administrator with User group privileges.
Creating Users With Power User Privileges
1
Run the following command from the command line:
useradd -d <home-directory> -g root <username>
NOTE: Set root as the primary group.
2
Ty p e
passwd <
3
When prompted, enter a password for the new user.
NOTE: Assign a password to every user account that can access Server
Administrator to protect access to your critical system components.
username> and press <Enter>.
The new user can now log in to Server Administrator with Power User group privileges.
24 Setup and Administration

Editing Server Administrator User Privileges on Linux Operating Systems

NOTE: Log in as root or an equivalent user to perform these procedures.
1
Open the
2
Add the following in the file:
<User_Name>[Tab]<Host_Name>[Tab]<Rights>
Table 2-4 lists the legend for adding the role definition to the
omarolemap
Table 2-4. Legend for adding the role definition in OpenManage Server
<User_Name> <Host_Name> <Rights>
User Name Host Name Administrator
(+)Group Name Domain User
Wildcard (*) Wildcard (*) User
[Tab] = \t (tab character)
Table 2-5 lists the examples for adding the role definition to the
omarolemap
Table 2-5. Examples for adding the role definition in OpenManage Server
omarolemap
file
Administrator
file.
Administrator
file located at
/opt/dell/srvadmin/etc/omarolemap
.
<User_Name> <Host_Name> <Rights>
Bob Ahost Poweruser
+root Bhost Administrator
+root Chost Administrator
Bob *.aus.amer.com Poweruser
Mike 192.168.2.3 Poweruser
3
Save and close the file.
Setup and Administration 25
Best Practices While Using the omarolemap File
The following are the best practices to be considered while working with the omarolemap file:
Do not delete the following default entries in the
root * Administrator
+root * Poweruser
**User
omarolemap
file.
Do not change the
Do not use the loop back address for
omarolemap
file permissions or file format.
<Host_Name>
, for example:
localhost or 127.0.0.1.
After the connection services are restarted and the changes do not take effect for the
•When the
omarolemap
omarolemap
file, see the command log for the errors.
file is copied from one machine to another
machine, file permissions and the entries of the file needs to be rechecked.
•Prefix the
Group Name
with +.
Server Administrator uses the default operating system user privileges, if:
a user is degraded in the
omarolemap
file
there are duplicate entries of user names or user groups along
with same
You can also use
<Host_Name>
Space
as a delimiter for columns instead of
[Tab].

Creating Server Administrator Users for VMware ESX 4.X, ESXi 4.X, and ESXi 5.X

To add a user to the Users table:
1
Log in to the host using the vSphere Client.
2
Click the
3
Right-click anywhere in the Users table and click
New User
4
Enter a login, a user name, a numeric user ID (UID), and a password; specifying the user name and UID are optional. If you do not specify the UID, the vSphere Client assigns the next available UID.
Users & Groups
dialog box.
tab and click
Users
.
Add
to open the
Add
26 Setup and Administration
5
To allow a user to access the ESX/ESXi host through a command shell, select
Grant shell access to this user
through the vSphere Client do not need shell access.
6
To add the user to a group, select the group name from the down menu and click
7
Click OK.
Add
.
. Users that access the host only
Group

Disabling Guest and Anonymous Accounts in Supported Windows Operating Systems

NOTE: You must be logged in with Administrator privileges to perform
this procedure.
1
Open the
2
In the console tree, expand
3
Double click Properties for those users, or right click the user account and then choose
4
Select
A red circle with an X appears over the user name to indicate that the account is disabled.
Computer Management
Guest
or
IUSR_system
Account is disabled
window.
Local Users and Groups
name user account to see the
Guest
Properties
and click OK.
.
and click
or
IUSR_system
Users
drop-
.
name

Configuring the SNMP Agent

Server Administrator supports the Simple Network Management Protocol (SNMP)—a systems management standard—on all supported operating systems. The SNMP support may or may not be installed depending on your operating system and how the operating system was installed. In most cases, SNMP is installed as part of your operating system installation. An installed supported systems management protocol standard, such as SNMP, is required before installing Server Administrator.
You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as the Dell OpenManage IT Assistant, perform the procedures described in the following sections.
Setup and Administration 27
NOTE: The default SNMP agent configuration usually includes a SNMP community
name such as public. For security reasons, rename the default SNMP community names. For information about renaming the SNMP community names, see the appropriate section below.
NOTE: SNMP Set operations are disabled by default in Server Administrator
version 5.2 or later. Server Administrator provides support to enable or disable SNMP Set operations in Server Administrator. You can use the Server Administrator SNMP Configuration page under Preferences or the Server Administrator command line interface (CLI) to enable or disable SNMP Set operations in Server Administrator. For more information about the Server Administrator CLI, see the Dell OpenManage Server Administrator Command Line Interface User's Guide.
NOTE: For IT Assistant to retrieve management information from a system running
Server Administrator, the community name used by IT Assistant must match a community name on the system running Server Administrator. For IT Assistant to modify information or perform actions on a system running Server Administrator, the community name used by IT Assistant must match a community name that allows Set operations on the system running Server Administrator. For IT Assistant to receive traps (asynchronous event notifications) from a system running Server Administrator, the system running Server Administrator must be configured to send traps to the system running IT Assistant.
The following procedures provide step-by-step instructions for configuring the SNMP agent for each supported operating system:
“Configuring the SNMP Agent for Systems Running Supported Windows Operating Systems" on page 29.
“Configuring the SNMP Agent on Systems Running Supported Red Hat Enterprise Linux" on page 32.
“Configuring the SNMP Agent on Systems Running Supported SUSE Linux Enterprise Server" on page 36.
"Configuring the SNMP Agent on Systems Running Supported VMware ESX 4.X Operating Systems to Proxy VMware MIBs" on page 39.
“Configuring the SNMP Agent on Systems Running Supported VMware ESXi 4.X and ESXi 5.X Operating Systems" on page 41.
28 Setup and Administration

Configuring the SNMP Agent for Systems Running Supported Windows Operating Systems

Server Administrator uses the SNMP services provided by the Windows SNMP agent. You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures described in the following sections.
NOTE: See your operating system documentation for additional details on SNMP
configuration.
Enabling SNMP Access By Remote Hosts
Windows Server 2003, by default, does not accept SNMP packets from remote hosts. For systems running Windows Server 2003, you must configure the SNMP service to accept SNMP packets from remote hosts if you plan to manage the system by using SNMP management applications from remote hosts.
To enable a system running the Windows Server 2003 operating system to receive SNMP packets from a remote host, perform the following steps:
1
Open the
2
Expand the
3
Expand the
4
Scroll down the list of services until you find
SNMP Service
The
Computer Management
Computer Management
Services and Applications
, and then click
SNMP Service Properties
window.
icon in the window, if necessary.
icon and click
Services
SNMP Service
Properties
.
window appears.
.
, right-click
5
Click the
6
Select
Security
tab.
Accept SNMP packets from any host
Accept SNMP packets from these hosts
, or add the remote host to the
list.
Setup and Administration 29
Changing the SNMP Community Name
Configuring the SNMP community names determines which systems are able to manage your system through SNMP. The SNMP community name used by management applications must match an SNMP community name configured on the Server Administrator system so that the management applications can retrieve management information from Server Administrator.
1
Open the
2
Expand the
3
Expand the
4
Scroll down the list of services until you find
SNMP Service
The
5
Click the
Computer Management
Computer Management
Services and Applications
, and then click
SNMP Service Properties
Security
tab to add or edit a community name.
window.
icon in the window, if necessary.
icon and click
SNMP Service
Properties
.
window appears.
Services
.
, right-click
To add a community name:
a
Click
Add
under the
The
SNMP Service Configuration
b
Type the community name of a system that is able to manage your system (the default is public) in the click
Add
.
The
SNMP Service Properties
Accepted Community Names
window appears.
Community Name
window appears.
list.
text box and
To edit a community name:
a
Select a community name in the and click
The
b
Make all necessary edits to the community name of the system that is
Edit
.
SNMP Service Configuration
able to manage your system in the then click
The
6
Click OK to save the changes.
OK
.
SNMP Service Properties window appears
30 Setup and Administration
Accepted Community Names
window appears.
Community Name
text box, and
.
list
Loading...
+ 100 hidden pages