CAUTION: These features severely limit the ability of the local user to configure the iDRAC6 from the local system, including performing a reset to default of the configuration. It is recommended that you use these features with discretion. Disable only one interface at a time to help avoid losing login privileges altogether.

NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information.

Although administrators can set the local configuration options using local RACADM commands, for security reasons they can reset them only from an out-of-band iDRAC6 Web-based interface or command line interface.

The cfgRacTuneLocalConfigDisable option applies once the system power-on self-test is complete and the system has booted into an operating system environment. This can be a full operating system such as Microsoft Windows Server or Enterprise Linux that can run local RACADM commands, or a limited-use operating system such as Microsoft Windows Preinstallation Environment or vmlinux used to run Dell OpenManage Deployment Toolkit local RACADM commands.

Several situations might call for administrators to disable local configuration. For example, in a data center with multiple administrators for servers and remote access devices, those responsible for maintaining server software stacks may not require administrative access to remote access devices. Similarly, technicians may have physical access to servers during routine systems maintenance—during which they can reboot the systems and access password-protected BIOS—but should not be able to configure remote access devices. In such situations, remote access device administrators may want to disable local configuration.
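Before setting cfgRacTuneLocalConfigDisable in a situation like these, it helps to confirm that a login path independent of the directory service remains and that the other local interface is still open. The shell check below is an added example, not Dell's code: it reads saved `racadm getconfig` output, the object names other than cfgRacTuneLocalConfigDisable (cfgRacTuneCtrlEConfigDisable, cfgADEnable, cfgUserAdminEnable) come from the RACADM property database rather than from this page, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: lockout pre-flight before cfgRacTuneLocalConfigDisable=1.
# Feed it saved key=value output of `racadm getconfig` for the groups
# cfgRacTuning and cfgActiveDirectory, plus cfgUserAdmin for each user index.
# It does not inspect user privileges, only whether an account is enabled.

# Constructed sample: both local accounts disabled, Active Directory login on.
SAMPLE_AD_ONLY='cfgRacTuneLocalConfigDisable=0
cfgRacTuneCtrlEConfigDisable=0
cfgADEnable=1
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminEnable=0
# cfgUserAdminIndex=3
cfgUserAdminUserName=ops
cfgUserAdminEnable=0'

# Prints one finding per line. Returns 0 if no blocker was found, 1 otherwise.
preflight() {
    printf '%s\n' "$1" | awk -F= '
        { sub(/\r$/, "") }              # tolerate CRLF in captured output
        /^#/ { next }                   # skip lines that racadm prefixes with "#"
        $1 == "cfgUserAdminEnable" && $2 == 1 { users++ }
        $1 == "cfgADEnable"                  { ad  = $2 }
        $1 == "cfgRacTuneLocalConfigDisable" { lcl = $2 }
        $1 == "cfgRacTuneCtrlEConfigDisable" { rom = $2 }
        END {
            if (lcl == 1) print "INFO local configuration is already disabled"
            if (rom == 1) print "WARN option ROM configuration is already disabled; this would close a second interface"
            if (users == 0 && ad == 1) {
                print "BLOCK no enabled local user; login depends on Active Directory alone"
                bad = 1
            } else if (users == 0) {
                print "BLOCK no enabled local user and Active Directory login is off"
                bad = 1
            }
            if (!bad) print "OK " users " enabled local user(s) remain"
            exit bad + 0
        }'
}

# Demo on the constructed sample; a blocker means: leave the option at 0.
preflight "$SAMPLE_AD_ONLY" || echo "Do not disable local configuration yet."
```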

Administrators should keep in mind that because disabling local configuration severely limits local configuration privileges—including the ability to reset the iDRAC6 to its default configuration—they should only use these options when necessary, and typically should disable only one interface at a time to help avoid losing login privileges altogether. For example, if administrators have disabled all local iDRAC6 users and allow only Microsoft Active Directory directory service users to log in to the iDRAC6, and the Active Directory authentication infrastructure subsequently fails, the administrators may be unable to log in. Similarly, if administrators have disabled all local configuration and place an iDRAC6 with a static IP address on a network that already includes a Dynamic Host Configuration Protocol (DHCP) server, and the DHCP server subsequently assigns the iDRAC6

Configuring Security Features
