Trademarks used in this text: Dell™, the Dell logo, Dell Boomi™, Dell Precision™ , OptiPlex™, Latitude™, PowerEdge™, PowerVault™,
PowerConnect™, OpenManage™, EqualLogic™, Compellent™, KACE™, FlexAddress™, Force10™ and Vostro™ are trademarks of Dell
Inc. Intel®, Pentium®, Xeon®, Core® and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries. AMD
is a registered trademark and AMD Opteron™, AMD Phenom™ and AMD Sempron™ are trademarks of Advanced Micro Devices, Inc.
Microsoft®, Windows®, Windows Server®, Internet Explorer®, MS-DOS®, Windows Vista® and Active Directory® are either trademarks
or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat® and Red Hat® Enterprise
Linux® are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell® and SUSE® are registered
trademarks of Novell Inc. in the United States and other countries. Oracle® is a registered trademark of Oracle Corporation and/or its
affiliates. Citrix®, Xen®, XenServer® and XenMotion® are either registered trademarks or trademarks of Citrix Systems, Inc. in the
United States and/or other countries. VMware®, vMotion®, vCenter®, vCenter SRM™ and vSphere® are registered trademarks or
trademarks of VMware, Inc. in the United States or other countries. IBM® is a registered trademark of International Business Machines
Corporation.
Updating Individual System Components.................................................................................................................6
What Is New In This Release................................................................................................................................... 7
Systems Management Standards Availability..........................................................................................................8
Availability On Supported Operating Systems................................................................................................... 8
Server Administrator Home Page.............................................................................................................................9
Other Documents You May Need............................................................................................................................. 9
Accessing Documents From Dell Support Site................................................................................................ 10
User Privileges................................................................................................................................................. 12
Assigning User Privileges.......................................................................................................................................14
Adding Users To A Domain On Windows Operating Systems......................................................................... 14
Creating Server Administrator Users For Supported Red Hat Enterprise Linux and SUSE Linux
Enterprise Server Operating Systems..............................................................................................................14
Disabling Guest And Anonymous Accounts In Supported Windows Operating Systems...............................17
Configuring The SNMP Agent..........................................................................................................................17
Firewall Configuration On Systems Running Supported Red Hat Enterprise Linux Operating Systems
And SUSE Linux Enterprise Server...................................................................................................................24
3 Using Server Administrator..................................................................................................... 26
Logging In And Out................................................................................................................................................. 26
Server Administrator Local System Login........................................................................................................26
Server Administrator Managed System Login — Using the Desktop Icon......................................................27
3
Server Administrator Managed System Login — Using The Web Browser....................................................27
Central Web Server Login................................................................................................................................ 27
Using The Active Directory Login.....................................................................................................................28
Single Sign-On..................................................................................................................................................28
Configuring Security Settings On Systems Running A Supported Microsoft Windows Operating System.... 29
The Server Administrator Home Page....................................................................................................................30
Server Administrator User Interface Differences Across Modular And Non-Modular Systems....................32
Global Navigation Bar...................................................................................................................................... 33
System Tree......................................................................................................................................................33
Data Area......................................................................................................................................................... 33
Using The Online Help............................................................................................................................................ 35
Using The Preferences Home Page........................................................................................................................35
Managed System Preferences........................................................................................................................ 36
Server Administrator Web Server Preferences...............................................................................................36
Dell Systems Management Server Administration Connection Service And Security Setup......................... 36
Server Administrator Web Server Action Tabs............................................................................................... 39
Using The Server Administrator Command Line Interface.....................................................................................39
4 Server Administrator Services................................................................................................40
Managing Your System...........................................................................................................................................40
Managing System/Server Module Tree Objects.................................................................................................... 41
Server Administrator Home Page System Tree Objects........................................................................................ 41
Main System Chassis/Main System.................................................................................................................44
Managing Preferences: Home Page Configuration Options.................................................................................. 54
General Settings...............................................................................................................................................54
Server Administrator........................................................................................................................................55
5 Working With Remote Access Controller ............................................................................ 56
Configuring The Remote Access Device To Use A LAN Connection..................................................................... 58
Configuring The Remote Access Device To Use A Serial Port Connection........................................................... 60
Configuring The Remote Access Device To Use A Serial Over LAN Connection.................................................. 60
Additional Configuration For iDRAC........................................................................................................................61
Server Administrator Logs......................................................................................................................................64
Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux
Enterprise Server Operating Systems.................................................................................................................... 67
Setting Alert Actions In Microsoft Windows Server 2003 And Windows Server 2008...........................................67
Setting Alert Action Execute Application In Windows Server 2008....................................................................... 68
Connection Service Failure.....................................................................................................................................70
Dell OpenManage Server Administrator (OMSA) provides a comprehensive, one-to-one systems management solution in
two ways: from an integrated, web browser-based graphical user interface (GUI) and from a command line interface
(CLI) through the operating system. Server Administrator enables system administrators to manage systems locally and
remotely on a network. It enables system administrators to focus on managing their entire network by providing
comprehensive one-to-one systems management. In the context of Server Administrator, a system refers to a standalone system, a system with attached network storage units in a separate chassis, or a modular system consisting of
one or more server modules in a modular enclosure. Server Administrator provides information about:
•Systems that are operating properly and systems that have problems
•Systems that require remote recovery operations
Server Administrator provides easy-to-use management and administration of local and remote systems through a
comprehensive set of integrated management services. Server Administrator is the sole installation on the system being
managed and is accessible both locally and remotely from the Server Administrator home page. Remotely monitored
systems may be accessed through dial-in, LAN, or wireless connections. Server Administrator ensures the security of its
management connections through role-based access control (RBAC), authentication, and secure socket layer (SSL)
encryption.
Installation
You can install Server Administrator using the
provides a setup program to install, upgrade, and uninstall Server Administrator, managed system and management
station software components. Additionally, you can install Server Administrator on multiple systems through an
unattended installation across a network. The Dell OpenManage installer provides installation scripts and RPM
packages to install and uninstall Dell OpenManage Server Administrator and other managed system software
components on your managed system. For more information, see the
Guide
and the
Dell OpenManage Management Station Software Installation Guide
NOTE: When you install the open source packages from the
DVD, the corresponding license files are automatically copied to the system. When you remove these packages,
the corresponding license files are also removed.
NOTE: If you have a modular system, you must install Server Administrator on each server module installed in the
chassis.
Dell Systems Management Tools and Documentation DVD
Dell OpenManage Server Administrator Installation
at dell.com/support/manuals.
Dell Systems Management Tools and Documentation
. The DVD
Updating Individual System Components
To update individual system components, use component-specific Dell Update Packages. Use the
Utility
DVD to view the complete version report and to update an entire system. The Server Update Utility (SUU) identifies
and applies the required updates to your system. SUU can also be downloaded from support.dell.com.
6
Dell Server Update
NOTE: For more information about obtaining and using the Server Update Utility (SUU), to update your Dell
Systems or to view the updates available for any systems listed in the Repository, see the
Utility User's Guide
at dell.com/support/manuals.
Dell Server Update
Storage Management Service
The Storage Management Service provides storage management information in an integrated graphical view.
NOTE: For more information about the Storage Management Service, see the
Administrator Storage Management User's Guide
at dell.com/support/manuals.
Dell OpenManage Server
Instrumentation Service
The Instrumentation Service provides rapid access to detailed fault and performance information gathered by industrystandard systems management agents and allows remote administration of monitored systems, including shutdown,
startup, and security.
Remote Access Controller
The Remote Access Controller provides a complete remote system management solution for systems equipped with the
Dell Remote Access Controller (DRAC) or Baseboard Management Controller (BMC)/Integrated Dell Remote Access
Controller (iDRAC) solution. The Remote Access Controller provides remote access to an inoperable system, allowing
you to get the system up and running as quickly as possible. The Remote Access Controller also provides an alert
notification when a system is down and allows you to remotely restart the system. Additionally, the Remote Access
Controller logs the probable cause of system crashes and saves the most recent crash screen.
Logs
Server Administrator displays logs of commands issued to or by the system, monitored hardware events, and system
alerts. You can view logs on the home page, print or save them as reports, and send them by e-mail to a designated
service contact.
What Is New In This Release
•Added support for the following operating systems:
– Red Hat Enterprise Linux 5.9 (32–bit and 64–bit)
– Red Hat Enterprise Linux 6.4 (64–bit)
– Microsoft Windows Server 2012 Essentials
– VMware vSphere 5.1 U1
– VMware vSphere 5.0 U2
– Citrix XenServer 6.2
•Security fixes and enhancements for the following:
– Fixed CVE-2012-6272, CSRF, XSS, and generic path manipulation
– Upgraded to JRE version 1.7 Update 21
– Upgraded to Apache Tomcat version 7.0.39
•Added support for Google Chrome 21 and 22
7
•Added support for Safari 5.1.7 on Apple Mac OS X
•Added support for the following Network Interface Cards (NICs):
– Broadcom 57840S Quad Port 10G SFP+ Rack NDC
– Broadcom 57840S-k Quad Port 10GbE Blade KR NDC
•Support for 240-Volt DC power supplies
•Ability to set Platform Event Destinations as IPv4, IPv6, or FQDN on 12G systems with iDRAC7 specific versions
•Added support for the following features in Storage Management:
– PCIe SSD support for ESXi 5.1 U1.
– Remaining Rated Write Endurance status for SAS and SATA SSD attached to a PERC 8.
– Fluid Cache for direct attached storage (DAS) support on Red Hat Enterprise Linux 6.4 and Novell SUSE Linux
Enterprise Server 11 SP2 for PERC H810, H710 Adapter, H710P, and H710 Mini on Dell PowerEdge R720, R820,
R620, and T620.
NOTE: For more information, see the
Guide
at dell.com/openmanagemanuals.
•Deprecated support for the following operating systems:
– Red Hat Enterprise Linux 6.3
– Red Hat Enterprise Linux 5.8
NOTE: For the list of supported operating systems and Dell servers, see the
in the required version of OpenManage Software at dell.com/openmanagemanuals.
NOTE: For more information about the features introduced in this release, see the Server Administrator contextsensitive online help.
Dell OpenManage Server Administrator Storage Management User’s
Dell Systems Software Support Matrix
Systems Management Standards Availability
Dell OpenManage Server Administrator supports the following systems management protocols:
•HyperText Transfer Protocol Secure (HTTPS)
•Common Information Model (CIM)
•Simple Network Management Protocol (SNMP)
If your system supports SNMP, you must install and enable the service on your operating system. If SNMP services are
available on your operating system, the Server Administrator installation program installs the supporting agents for
SNMP.
HTTPS is supported on all operating systems. Support for CIM and SNMP is operating system dependent and, in some
cases, operating system-version dependent.
NOTE: For information on SNMP security concerns, see the Dell OpenManage Server Administrator readme file
(packaged with the Server Administrator application) or at dell.com/support/manuals. You must apply updates
from your operating system's master SNMP agents to ensure that Dell's SNMP subagents are secure.
Availability On Supported Operating Systems
On supported Microsoft Windows operating systems, Server Administrator supports two systems management
standards: CIM/Windows Management Instrumentation (WMI) and SNMP, while on supported Red Hat Enterprise Linux
and SUSE Linux Enterprise Server operating systems, Server Administrator supports the SNMP systems management
standard.
8
Server Administrator adds considerable security to these systems management standards. All attributes set operations
(for example, changing the value of an asset tag) must be performed with Dell OpenManage IT Assistant while logged in
with the required privileges.
The following table shows the systems management standards that are available for each supported operating system.
Table 1. Systems Management Standards Availability
Operating SystemSNMPCIM
Windows Server 2008 family and
Windows Server 2003 family
Red Hat Enterprise LinuxAvailable in the net-snmp package from the
SUSE Linux Enterprise ServerAvailable in the net-snmp package from the
VMware ESXAvailable in the net-snmp package installed by
VMware ESXiSNMP trap support available
Available from the operating system installation
media
operating system installation media
operating system installation media
the operating system
NOTE: While ESXi supports SNMP traps, it
does not support hardware inventory
through SNMP.
Always installed
Unavailable
Unavailable
Available
Available
Citrix XenServer 6.0Available in the net-snmp package from the
operating system installation media
Unavailable
Server Administrator Home Page
The Server Administrator home page provides easy-to-set up and easy-to-use Web browser-based system management
tasks from the managed system or from a remote host through a LAN, dial-up service, or wireless network. When the
Dell Systems Management Server Administrator Connection Service (DSM SA Connection Service) is installed and
configured on the managed system, you can perform remote management functions from any system that has a
supported Web browser and connection. Additionally, the Server Administrator home page provides an extensive,
context-sensitive online help.
Other Documents You May Need
In addition to this guide, you can access the following guides available at dell.com/support/manuals.
•The
Dell Systems Software Support Matrix
systems supported by these systems, and the Dell OpenManage components that can be installed on these systems.
•The
Dell OpenManage Server Administrator Installation Guide
OpenManage Server Administrator.
•The
Dell OpenManage Management Station Software Installation Guide
OpenManage management station software.
•The
Dell OpenManage Server Administrator SNMP Reference Guide
Protocol (SNMP) management information base (MIB).
•The
Dell OpenManage Server Administrator CIM Reference Guide
provider, an extension of the standard management object format (MOF) file.
•The
Dell OpenManage Server Administrator Messages Reference Guide
your Server Administrator home page Alert log or on your operating system’s event viewer.
•The
Dell OpenManage Server Administrator Command Line Interface Guide
interface for Server Administrator.
provides information about the various Dell systems, the operating
contains instructions to help you install Dell
contains instructions to help you install Dell
documents the Simple Network Management
documents the Common Information Model (CIM)
lists the messages that are displayed in
documents the complete command line
9
•The
Dell Remote Access Controller 5 User's Guide
command line utility to configure a DRAC 5.
•The
Dell Chassis Management Controller User’s Guide
controller that manages all modules in the chassis containing your Dell system.
•The
Command Line Reference Guide for iDRAC6 and CMC
supported interfaces, property database groups and object definitions for iDRAC6 and CMC.
•For Client System Management documents — dell.com/OMConnectionsClient
•For OpenManage Connections Enterprise systems management documents — dell.com/
OMConnectionsEnterpriseSystemsManagement
•For OpenManage Connections Client systems management documents — dell.com/OMConnectionsClient
Obtaining Technical Assistance
If at any time you do not understand a procedure described in this guide or if your product does not perform as
expected, help tools are available to assist you. For more information about these help tools, see Getting Help in your
system's
Additionally, Dell Enterprise Training and Certification is available; see dell.com/training for more information. This
service may not be offered in all locations.
Hardware Owner’s Manual
.
Contacting Dell
NOTE: Dell provides several online and telephone-based support and service options. If you do not have an active
Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product
catalog. Availability varies by country and product, and some services may not be available in your area.
To contact Dell for sales, technical support, or customer-service issues:
1.Go to dell.com/contactdell.
2.Select your country or region from the interactive world map.
When you select a region, the countries for the selected regions are displayed.
3.Select the appropriate language under the country of your choice.
4.Select your business segment.
The main support page for the selected business segment is displayed.
5.Select the appropriate option depending on your requirement.
NOTE: If you have purchased a Dell system, you may be asked for the Service Tag.
11
2
Setup And Administration
Dell OpenManage Server Administrator provides security through role- based access control (RBAC), authentication,
and encryption for both the Web-based and command line interfaces.
Role-Based Access Control
RBAC manages security by determining the operations that can be executed by persons in particular roles. Each user is
assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role.
With RBAC, security administration corresponds closely to an organization's structure.
User Privileges
Server Administrator grants different access rights based on the user's assigned group privileges. The four user
privilege levels are: User, Power User, Administrator, and Elevated Administrator.
Table 2. User Privileges
User Privilege
Level
ViewManage
UserYesNo
Power UserYesYes
AdministratorYesYes
Elevated
Administrator
(Linux only)
Privilege Levels to Access Server Administrator Services
The following table summarizes the users who have privileges to access and manage Server Administrator services.
Server Administrator grants read-only access to users logged in with User privileges, read and write access to users
logged in with Power User privileges, and read, write, and administrator access to users logged in with
and
Elevated Administrator
Table 3. Privileges Required To Manage Server Administrator Services
Service User Privilege Level Required
YesYes
Access
Type
privileges.
Description
Users
can view most information.
Power Users
which alert actions are to be performed when a warning or failure
event occurs.
Administrators
configure Auto Recovery actions in case a system has a nonresponsive operating system, and clear hardware, event, and
command logs. Administrators can also configure the system to
send e-mails.
Elevated Administrators
ViewManage
can set warning threshold values and configure
can configure and perform shutdown actions,
can view and manage information.
Administrator
12
InstrumentationUser, Power User, Administrator,
Elevated Administrator
Remote AccessUser, Power User, Administrator,
Elevated Administrator
Storage ManagementUser, Power User, Administrator,
Elevated Administrator
Power User, Administrator, Elevated
Administrator
Administrator, Elevated Administrator
Administrator, Elevated Administrator
Authentication
The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user
privileges. Additionally, when the command line interface (CLI) is invoked, the Server Administrator authentication
scheme validates the context within which the current process is running. This authentication scheme ensures that all
Server Administrator functions, whether accessed through the Server Administrator home page or CLI, are properly
authenticated.
Microsoft Windows Authentication
On supported Microsoft Windows operating systems, Server Administrator uses Integrated Windows Authentication
(formerly called NTLM) to authenticate. This authentication system allows Server Administrator security to be
incorporated in an overall security scheme for your network.
Red Hat Enterprise Linux And SUSE Linux Enterprise Server Authentication
On supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server operating systems, Server Administrator uses
various authentication methods based on the Pluggable Authentication Modules (PAM) library. Users can log in to
Server Administrator either locally or remotely using different account management protocols, such as LDAP, NIS,
Kerberos, and Winbind.
VMware ESX Server 4.X Authentication
VMware ESX Server uses the Pluggable Authentication Modules (PAM) structure for authentication when users access
the ESX Server host. The PAM configuration for VMware services stores paths to the authentication modules and is
located at /etc/pam.d/vmware-authd.
The default installation of ESX Server uses /etc/passwd authentication, similar to Linux, but you can configure ESX
Server to use another distributed authentication mechanism.
NOTE: On systems running VMware ESX Server 4.x operating system, to login to Server Administrator, all users
require Administrator privileges. For information on assigning roles, see the VMware documentation.
VMware ESXi Server 5.X Authentication
ESXi Server authenticates users accessing ESXi hosts using the vSphere/VI Client or Software Development Kit (SDK).
The default installation of ESXi uses a local password database for authentication. ESXi authentication transactions with
Server Administrator are also direct interactions with the vmware-hostd process. To make sure that authentication
works efficiently for your site, perform basic tasks such as setting up users, groups, permissions, and roles, configuring
user attributes, adding your own certificates, and determining whether you want to use SSL.
NOTE: On systems running VMware ESXi Server 5.0 operating system, to login to Server Administrator, all users
require Administrator privileges. For information on assigning roles, see the VMware documentation.
13
Encryption
Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to
ensure and protect the identity of the system being managed. Java Secure Socket Extension (JSSE) is used by
supported Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems to protect
the user credentials and other sensitive data that is transmitted over the socket connection when a user accesses the
Server Administrator home page.
Assigning User Privileges
To ensure critical system component security, assign user privileges to all Dell OpenManage software users before
installing Dell OpenManage software. New users can log in to Dell OpenManage software using their operating system
user privileges.
CAUTION: To protect access to your critical system components, assign a password to every user account that
can access Dell OpenManage software. Users without an assigned password cannot log in to Dell OpenManage
software on a system running Windows Server 2003 due to the operating system design.
CAUTION: Disable guest accounts for supported Windows operating systems to protect access to your critical
system components. Consider renaming the guest accounts so that remote scripts cannot enable the accounts
using the default guest account names.
NOTE: For instructions on assigning user privileges for each supported operating system, see your operating
system documentation.
NOTE: To add users to OpenManage software, add new users to the operating system. You do not have to create
new users from within the OpenManage software.
Adding Users To A Domain On Windows Operating Systems
NOTE: You must have Microsoft Active Directory installed on your system to perform the following procedures.
See Using the Active Directory Login for more information about using Active Directory.
1.Navigate to Control Panel → Administrative Tools → Active Directory Users and Computers.
2.In the console tree, right-click Users or right-click the container in which you want to add the new user, and then
point to New → User .
3.Type the appropriate user name information in the dialog box, and then click Next.
4.Click Next , and then click Finish.
5.Double-click the icon representing the user that you just created.
6.Click the Member of tab.
7.Click Add .
8.Select the appropriate group and click Add.
9.Click OK , and then click OK again.
New users can log in to Dell OpenManage software with the user privileges for their assigned group and domain.
Creating Server Administrator Users For Supported Red Hat Enterprise Linux and SUSE
Linux Enterprise Server Operating Systems
Administrator access privileges are assigned to the user logged in as root. To create users with User and Power User
privileges, perform the following steps.
14
NOTE: You must be logged in as root or an equivalent user to perform the following procedures.
NOTE: You must have the useradd utility installed on your system to perform the following procedures.
Creating Users
NOTE: For information about creating users and user groups, see your operating system documentation.
Creating Users With User Privileges
1.Run the following command from the command line: useradd -d <home-directory> -g <group> <username> where <group> is not root.
NOTE: If <group> does not exist, create it by using the groupadd command.
2.Type passwd <username> and press <Enter>.
3.When prompted, enter a password for the new user.
NOTE: Assign a password to every user account that can access Server Administrator to protect access to
your critical system components.
The new user can now log in to Server Administrator with User group privileges.
Creating Users With Power User Privileges
1.Run the following command from the command line:useradd -d <home-directory> -g <group>
<username>
NOTE: Set root as the primary group.
2.Type passwd <username> and press <Enter>.
3.When prompted, enter a password for the new user.
NOTE: Assign a password to every user account that can access Server Administrator to protect access to
your critical system components.
The new user can now log in to Server Administrator with Power User group privileges.
Editing Server Administrator User Privileges On Linux Operating Systems
NOTE: You must be logged in as root or an equivalent user to perform the following procedures.
1.Open the omarolemap file located at /opt/dell/srvadmin/etc/omarolemap.
2.Add the following in the file: <User_Name>[Tab]<Host_Name>[Tab]<Rights>
The following table lists the legend for adding the role definition to the omarolemap file
Table 4. Legend for adding the role definition in OpenManage Server Administrator
<User_Name><Host_Name><Rights>
User NameHost NameAdministrator
(+) Group NameDomainUser
Wildcard (*)Wildcard (*)User
[Tab] = \t (tab
character)
The following table lists the examples for adding the role definition to the omarolemap file.
15
Table 5. Examples for adding the role definition in OpenManage Server Administrator
<User_Name><Host_Name><Rights>
BobAhostPoweruser
+ rootBhostAdministrator
+ rootChostAdministrator
Bob*.aus.amer.comPoweruser
Mike192.168.2.3Poweruser
3.Save and close the file.
Best Practices While Using The Omarolemap File
The following are the best practices to be considered while working with the omarolemap file :
•Do not delete the following default entries in the omarolemap file.
root* Administrator
+root* Poweruser
** User
•Do not change the omarolemap file permissions or file format.
•Do not use the loop back address for <Host_Name> , for example: localhost or 127.0.0.1.
•After the connection services are restarted and the changes do not take effect for the omarolemap file, see the
command log for the errors.
•When the omarolemap file is copied from one machine to another machine, file permissions and the entries of the
file needs to be rechecked.
•Prefix the Group Name with + .
•Server Administrator uses the default operating system user privileges, if :
– a user is degraded in the omarolemap file
– there are duplicate entries of user names or user groups along with same <Host_Name>
•You can also use Space as a delimiter for columns instead of [Tab].
Creating Server Administrator Users For VMware ESX 4.X, ESXi 4.X, And ESXi 5.X
To add a user to the Users table:
1.Log in to the host using the vSphere Client.
2.Click the Users & Groups tab and click Users .
3.Right-click anywhere in the Users table and click Add to open the Add New User dialog box.
4.Enter login, user name, a numeric user ID (UID), and password; specifying that the user name and UID are optional.
If you do not specify the UID, the vSphere Client assigns the next available UID.
5.To allow a user to access the ESX/ESXi host through a command shell, select Grant shell access to this user. Users
that access the host only through the vSphere Client do not need shell access.
6.To add the user to a group, select the group name from the Group drop-down menu and click Add .
7.Click OK .
16
Disabling Guest And Anonymous Accounts In Supported Windows Operating Systems
NOTE: You must be logged in with Administrator privileges to perform this procedure.
1.Open the Computer Management window.
2.In the console tree, expand Local Users and Groups and click Users.
3.Double-click Guest or IUSR_system name user account to see the Properties for those users, or right-click the
Guest or IUSR_
4.Select Account is disabled and click OK.
A red circle with an X appears over the user name to indicate that the account is disabled.
system name
user account and then select Properties.
Configuring The SNMP Agent
Server Administrator supports the Simple Network Management Protocol (SNMP—a systems management standard—
on all supported operating systems. The SNMP support may or may not be installed depending on your operating system
and how the operating system was installed. In most cases, SNMP is installed as part of your operating system
installation. An installed supported systems management protocol standard, such as SNMP, is required before installing
Server Administrator.
You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a
management station. To configure your SNMP agent for proper interaction with management applications such as the
Dell OpenManage IT Assistant, perform the procedures described in the following sections.
NOTE: The default SNMP agent configuration usually includes a SNMP community name such as public. For
security reasons, you must rename the default SNMP community names. For information about renaming the
SNMP community names, see
NOTE: SNMP Set operations are disabled by default in Server Administrator version 5.2 or later. You can enable or
disable SNMP Set operations using the Server Administrator SNMP Configuration page under Preferences or the
Server Administrator command line interface (CLI). For more information about the Server Administrator CLI, see
Dell OpenManage Server Administrator Command Line Interface Guide
the
NOTE: For IT Assistant to retrieve management information from a system running Server Administrator, the
community name used by IT Assistant must match a community name on the system running Server Administrator.
For IT Assistant to modify information or perform actions on a system running Server Administrator, the community
name used by IT Assistant must match a community name that allows Set operations on the system running
Server Administrator. For IT Assistant to receive traps (asynchronous event notifications) from a system running
Server Administrator, the system running Server Administrator must be configured to send traps to the system
running IT Assistant.
Changing The SNMP Community Name.
at dell.com/support/manuals.
The following procedures provide step-by-step instructions for configuring the SNMP agent for each supported
operating system:
•Configuring the SNMP Agent For Systems Running Supported Windows Operating Systems
•Configuring the SNMP Agent On Systems Running Supported Red Hat Enterprise Linux
•Configuring the SNMP Agent On Systems Running Supported SUSE Linux Enterprise Server
•Configuring the SNMP Agent On Systems Running Supported VMware ESX 4.X Operating Systems to Proxy VMware
MIBs
•Configuring the SNMP Agent On Systems Running Supported VMware ESXi 4.X and ESXi 5.X Operating Systems
Configuring The SNMP Agent On Systems Running Supported Windows Operating Systems
Server Administrator uses the SNMP services provided by the Windows SNMP agent. You can configure the SNMP
agent to change the community name, enable Set operations, and send traps to a management station. To configure
17
your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures
described in the following sections.
NOTE: For additional details on SNMP configuration, see the operating system documentation.
Enabling SNMP Access On Remote Hosts (Windows Server 2003 Only)
Windows Server 2003, by default, does not accept SNMP packets from remote hosts. For systems running Windows
Server 2003, you must configure the SNMP service to accept SNMP packets from remote hosts if you plan to manage
the system by using SNMP management applications from remote hosts.
To enable a system running the Windows Server 2003 operating system to receive SNMP packets from a remote host:
1.Open the Computer Management window.
2.Expand the Computer Management icon in the window, if necessary.
3.Expand the Services and Applications icon and click Services.
4.Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and then click Properties.
The SNMP Service Properties window appears.
5.Click the Security tab.
6.Select Accept SNMP packets from any host, or add the remote host to the Accept SNMP packets from these hosts
list.
Changing The SNMP Community Name
Configuring the SNMP community names determines which systems are able to manage your system through SNMP.
The SNMP community name used by management applications must match an SNMP community name configured on
the system running Server Administrator so that the management applications can retrieve management information
from Server Administrator.
1.Open the Computer Management window.
2.Expand the Computer Management icon in the window, if necessary.
3.Expand the Services and Applications icon and click Services.
4.Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and then click Properties .
The SNMP Service Properties window appears.
5.Click the Security tab to add or edit a community name.
To add a community name:
a. Click Add under the Accepted Community Names list.
The SNMP Service Configuration window appears.
b. Type the community name of a system that is able to manage your system (the default is public) in the
Community Name box and click Add.
The SNMP Service Properties window appears.
To edit a community name:
a. Select a community name in the Accepted Community Names list and click Edit.
The SNMP Service Configuration window appears.
b. Edit the community name in the Community Name box, and then click OK .
The SNMP Service Properties window appears.
6.Click OK to save the changes.
18
Enabling SNMP Set Operations
SNMP Set operations must be enabled on the Server Administrator system to change Server Administrator attributes
using IT Assistant.
1.Open the Computer Management window.
2.Expand the Computer Management icon in the window, if necessary.
3.Expand the Services and Applications icon, and then click Services.
4.Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and click Properties.
The SNMP Service Properties window appears.
5.Click the Security tab to change the access rights for a community.
6.Select a community name in the Accepted Community Names list, and click Edit.
The SNMP Service Configuration window appears.
7.Set the Community rights to READ WRITE or READ CREATE, and click OK.
The SNMP Service Properties window appears.
8.Click OK to save the changes.
Configuring Your System To Send SNMP Traps To A Management Station
Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored
parameters. You must configure one or more trap destinations on the system running Server Administrator for SNMP
traps to be sent to a management station.
1.Open the Computer Management window.
2.Expand the Computer Management icon in the window, if necessary.
3.Expand the Services and Applications icon and click Services.
4.Scroll down the list of services until you find SNMP Service, right-click SNMP Service , and then click Properties.
The SNMP Service Properties window appears.
5.Click the Traps tab to add a community for traps or to add a trap destination for a trap community.
a. To add a community for traps, type the community name in the Community Name box and click Add to list,
which is located next to the Community Name box.
b. To add a trap destination for a trap community, select the community name from the Community Name drop-
down box and click Add under the Trap Destinations box.
The SNMP Service Configuration window appears.
c. In the Host name, IP or IPX address box, type the trap destination, Add.
The SNMP Service Properties window appears.
6.Click OK to save the changes.
Configuring The SNMP Agent On Systems Running Supported Red Hat Enterprise Linux
Server Administrator uses the SNMP services provided by the net-snmp SNMP agent. You can configure the SNMP
agent to change the community name, enable Set operations, and send traps to a management station. To configure
your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures
described in the following sections.
NOTE: For additional details on SNMP configuration, see the operating system documentation.
SNMP Agent Access Control Configuration
The management information base (MIB) branch implemented by Server Administrator is identified by the Object
Identifier (OID) 1.3.6.1.4.1.674. Management applications must have access to this branch of the MIB tree to manage
systems running Server Administrator.
19
For Red Hat Enterprise Linux and VMware ESXi 4.0 operating systems, the default SNMP agent configuration gives readonly access for the
tree. This configuration does not allow management applications to retrieve or change Server Administrator or other
systems management information outside of the MIB-II
public
community only to the MIB-II
system
branch (identified by the 1.3.6.1.2.1.1 OID) of the MIB
system
branch.
Server Administrator SNMP Agent Install Actions
If Server Administrator detects the default SNMP configuration during installation, it attempts to modify the SNMP agent
configuration to give read-only access to the entire MIB tree for the public community. Server Administrator modifies
the SNMP agent configuration file
•Creating a vew to the entire MIB tree by adding the following line if it does not exist: view all included
•Modifying the default access line to give read-only access to the entire MIB tree for the public community. Server
Administrator looks for the following line: access notConfigGroup "" any noauth exact
systemview none none
•If Server Administrator finds the above line, it modifies the line as: access notConfigGroup "" any
noauth exact all none none
NOTE: To ensure that Server Administrator is able to modify the SNMP agent configuration for providing
proper access to systems management data, it is recommended that any other SNMP agent configuration
changes be made after installing Server Administrator.
Server Administrator SNMP communicates with the SNMP agent using the SNMP Multiplexing (SMUX) protocol. When
Server Administrator SNMP connects to the SNMP agent, it sends an object identifier to the SNMP agent to identify
itself as a SMUX peer. Because that object identifier must be configured with the SNMP agent, Server Administrator
adds the following line to the SNMP agent configuration file, /etc/snmp/snmpd.conf, during installation if it does not
exist:
smuxpeer .1.3.6.1.4.1.674.10892.1
/etc/snm, p/snmpd.conf by:
Changing The SNMP Community Name
Configuring the SNMP community name determines which systems are able to manage your system through SNMP. The
SNMP community name used by management applications must match an SNMP community name configured on the
system running Server Administrator, so that the management applications can retrieve management information from
Server Administrator.
To change the SNMP community name used for retrieving management information from a system running Server
Administrator:
1.Open the SNMP agent configuration file, /etc/snmp/snmpd.conf.
2.Find the line that reads: com2sec publicsec default public or com2sec notConfigUser
default public.
NOTE: For IPv6, find the line com2sec6 notConfigUser default public. Also, add the text
agentaddress udp6:161 in the file.
3.Edit this line, replacing public with the new SNMP community name. When edited, the new line should read:
com2sec publicsec default community_name or com2sec notConfigUser default
community_name.
4.To enable SNMP configuration changes, restart the SNMP agent by typing: service snmpd restart.
Enabling SNMP Set Operations
SNMP Set operations must be enabled on the system running Server Administrator in order to change Server
Administrator attributes using IT Assistant.
20
To enable SNMP Set operations on the system running Server Administrator, edit the SNMP agent configuration
file, /etc/snmp/snmpd.conf, and perform the following steps:
1.Find the line that reads: access publicgroup "" any noauth exact all none none or access notConfigGroup "" any noauth exact all none none.
2.Edit this line, replacing the first nonewith all. When edited, the new line should read: access publicgroup
"" any noauth exact all all none or access notConfigGroup "" any noauth exact
all all none.
3.To enable SNMP configuration changes, restart the SNMP agent by typing: service snmpd restart.
Configuring Your System To Send Traps To A Management Station
Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored
parameters. One or more trap destinations must be configured on the system running Server Administrator for SNMP
traps to be sent to a management station.
To configure your system running Server Administrator to send traps to a management station, edit the SNMP agent
configuration file, /etc/snmp/snmpd.conf, and perform the following steps:
1.Add the following line to the file: trapsink IP_address community_name, where IP_address is the IP
address of the management station and community_name is the SNMP community name.
2.To enable SNMP configuration changes, restart the SNMP agent by typing: service snmpd restart.
Configuring The SNMP Agent On Systems Running Supported SUSE Linux Enterprise Server
Server Administrator uses the SNMP services provided by the net-snmp agent. You can configure the SNMP agent to
enable SNMP access from remote hosts, change the community name, enable Set operations, and send traps to a
management station. To configure your SNMP agent for proper interaction with management applications such as IT
Assistant, perform the procedures described in the following sections.
NOTE: For additional details on SNMP configuration, see the operating system documentation.
Sever Administrator SNMP Install Actions
Server Administrator SNMP communicates with the SNMP agent using the SMUX protocol. When Server Administrator
SNMP connects to the SNMP agent, it sends an object identifier to the SNMP agent to identify itself as a SMUX peer.
This object identifier must be configured with the SNMP agent, therefore, Server Administrator adds the following line to
the SNMP agent configuration file, /etc/snmp/snmpd.conf, during installation if it does not exist:
smuxpeer .1.3.6.1.4.1.674.10892.1
Enabling SNMP Access From Remote Hosts
The default SNMP agent configuration on SUSE Linux Enterprise Server operating systems gives read-only access to
the entire MIB tree for the public community from the local host only. This configuration does not allow SNMP
management applications such as IT Assistant running on other hosts to discover and manage Server Administrator
systems properly. If Server Administrator detects this configuration during installation, it logs a message to the
operating system log file,
configure the SNMP agent to enable SNMP access from remote hosts if you plan to manage the system by using SNMP
management applications from remote hosts.
NOTE: For security reasons, it is advisable to restrict SNMP access to specific remote hosts if possible.
To enable SNMP access from a specific remote host to a system running Server Administrator, edit the SNMP agent
configuration file, /etc/snmp/snmpd.conf, and perform the following steps:
1.Find the line that reads: rocommunity public 127.0.0.1.
2.Edit or copy this line, replacing 127.0.0.1 with the remote host IP address. When edited, the new line should read:
rocommunity public IP_address.
/var/log/messages, to indicate that SNMP access is restricted to the local host. You must
21
NOTE: You can enable SNMP access from multiple specific remote hosts by adding a rocommunity
directive for each remote host.
3.To enable SNMP configuration changes, restart the SNMP agent by typing: /etc/init.d/snmpd restart.
To enable SNMP access from all remote hosts to a system running Server Administrator, edit the SNMP agent
configuration file, /etc/snmp/snmpd.conf, and perform the following steps:
4.Find the line that reads: rocommunity public 127.0.0.1.
5.Edit this line by deleting 127.0.0.1. When edited, the new line should read: rocommunity public.
6.To enable SNMP configuration changes, restart the SNMP agent by typing: /etc/init.d/snmpd restart.
Changing The SNMP Community Name
Configuring the SNMP community name determines which management stations are able to manage your system
through SNMP. The SNMP community name used by management applications must match the SNMP community name
configured on the system running Server Administrator,, so the management applications can retrieve the management
information from Server Administrator.
To change the default SNMP community name used for retrieving management information from a system running
Server Administrator:
1.Open the SNMP agent configuration file, /etc/snmp/snmpd.conf.
2.Find the line that reads: rocommunity public 127.0.0.1.
3.Edit this line by replacing public with the new SNMP community name. When edited, the new line should read:
rocommunity community_name 127.0.0.1.
4.To enable SNMP configuration changes, restart the SNMP agent by typing: /etc/init.d/snmpd restart.
Enabling SNMP Set Operations
SNMP Set operations must be enabled on the system running Server Administrator in order to change Server
Administrator attributes using IT Assistant. To enable remote shutdown of a system from IT Assistant, SNMP Set
operations must be enabled.
NOTE: Rebooting of your system for change management functionality does not require SNMP Set operations.
To enable SNMP Set operations on a system running Server Administrator:
1.Open the SNMP agent configuration file, /etc/snmp/snmpd.conf.
2.Find the line that reads: rocommunity public 127.0.0.1.
3.Edit this line by replacing rocommunity with rwcommunity. When edited, the new line should read:
rwcommunity public 127.0.0.1.
4.To enable SNMP configuration changes, restart the SNMP agent by typing: /etc/init.d/snmpd restart.
Configuring The SNMP Agent On Systems Running Supported VMware ESX 4.X Operating Systems To Proxy
VMware MIBs
The ESX 4.X server can be managed through a single default port 162 using the SNMP protocol. To do this, snmpd is
configured to use the default port 162 and
167. Any SNMP request on the VMware MIB branch is rerouted to the vmware-hostd using the proxy feature of the
snmpd daemon.
The VMWware SNMP configuration file can be modified manually on the ESX server or by running the VMware Remote
Command-Line Interface (RCLI) command, vicfg-snmp, from a remote system (Windows or Linux). The RCLI tools can
be downloaded from the VMware website at vmware.com/download/vi/drivers_tools.html.
To configure the SNMP agent:
1.Edit the VMware SNMP configuration file, /etc/vmware/snmp.xml, either manually or run the following vicfg-snmp commands to modify the SNMP configuration settings. This includes the SNMP listening port, community
string, and the trap target ipaddress/port, and trap community name and then enable the VMware SNMP service.
22
vmwarehostd is configured to use a different (unused) port, for example,
a. vicfg-snmp.pl --server <ESX_IP_addr> --username root --password <password>
-c <community name> -p X –t <Destination_IP_Address> @162/ <community
name>
Where represents an unused port. To find an unused port, check the /etc/services file for the port assignment
for defined system services. Also, to make sure that the port selected is not currently being used by any
application or service, run the following command on the ESX server: netstat –a command
NOTE: Multiple IP addresses can be entered using a comma-separated list.
To enable VMWare SNMP service, run the following command:
b. vicfg-snmp.pl --server <ESX_IP_addr> --username root --password <password>
- E
To view the configuration settings, run the following command:
c. vicfg-snmp.pl --server <ESX_IP_addr> --username root --password <password>
-s
The following is an example of the configuration file, after modification:
<?xml version="1.0">
<config>
<snmpSettings>
<enable> true </enable>
<communities> public </communities>
<targets> 143.166.152.248@162/public </targets>
<port> 167 </port>
</snmpSettings>
</config>
2.Stop the SNMP service if it is already running on your system by entering the following command: service
snmpd stop
3.Add the following line at the end of the /etc/snmp/snmpd.conf file: proxy -v 1 -c public udp:
127.0.0.1:X .1.3.6.1.4.1.6876
Where X represents the unused port specified above, while configuring SNMP.
4.Configure the trap destination using the following command: <Destination_IP_Address>
<community_name>
The trapsink specification is required to send traps defined in the proprietary MIBs.
5.Restart the mgmt-vmware service with the following command: service mgmt-vmware restart
6.Restart the snmpd service with the following command: service snmpd start
NOTE: If the srvadmin is installed and the services are already started, restart the services as they depend on
the snmpd service.
7.Run the following command so that the snmpd daemon starts on every reboot: chkconfig snmpd on
8.Run the following command to ensure that the SNMP ports are open before sending traps to the management
station: esxcfg-firewall -e snmpd.
Configuring The SNMP Agent On Systems Running Supported VMware ESXi 4.X And ESXi 5.X Operating
Systems
Server Administrator supports SNMP traps on VMware ESXi 4.X and ESXi 5.X. If a stand-alone license is only present,
SNMP configuration fails on VMware ESXi operating systems. Server Administrator does not support SNMP Get and Set
operations on VMWare ESXi 4.X and ESXi 5.X as the required SNMP support is unavailable. The VMware vSphere
Command- Line Interface (CLI) is used to configure systems running VMware ESXi 4.X and ESXi 5.X to send SNMP traps
to a management station.
23
Loading...
+ 52 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.