Avaya Converged Platform 130 Series. idrac9 Best Practices

Similar documents
BM32 Button Module User Guide

Avaya Aura 6.2 Feature Pack 2

Installing and Upgrading Avaya Aura System Manager

Troubleshooting Avaya Aura TM Presence Services

Avaya Communications Process Manager Release 2.2 Web Portal Help for Administrative Users

Avaya one-x Mobile Site Survey for the Avaya Communication Manager Environment

Integrated Management 6.0 Site Administration Release Notes Service Pack 1

Avaya Contact Center Express Release 5.0 XMPP Gateway

Avaya Contact Center Express Release 4.1 XMPP Gateway

16xx/96xx Amplified Speech Handset Installation and Use

Avaya Meeting Exchange Web Portal 5.0 Release Notes

Avaya Session Border Controller for Enterprise 6.3 SP4 Release Notes

Avaya Communications Process Manager Release 2.2 Web Portal Help for Non-administrative Users

Release Notes for Avaya Proactive Contact 5.0 Agent. Release Notes for Avaya Proactive Contact 5.0 Agent

Integrated Management 5.2 Voice Announcement Manager stand-alone application Release Notes

Authentication File System (AFS) User Guide

Migrating from Intuity Audix LX R 1.1 to Communication Manager Messaging R Stand-Alone

Avaya one-x Portal Site Survey/Pre-Installation Checklist

Avaya Web Conferencing Administrator's Guide

Avaya Call Management System Release 15 Change Description

Avaya CT for Siebel 7 Version 4.0 Release Notes

Avaya CMS Supervisor Reports

Avaya Callback Assist Release Notes

Administering Avaya Enhanced Caller ID (ECID)

Avaya Contact Center Express Release 4.1 License Director User Guide

Intelligent Customer Routing Release Notes

Avaya Scopia Mobile Android Release (SP12)

Telset Administration

BCM50 Rls 6.0. Router IP Routing. Task Based Guide

Avaya Integrated Management Release 5.2 Secure Access Administration

Avaya Software Keycode Installation Guide

AG/SR 2330 Installation Reference

Avaya 1400 Series Digital Deskphones for Avaya Aura Communication Manager Installation and Maintenance Guide Release 1.0

Release Notes for Avaya Proactive Contact 5.0 Supervisor. Release Notes for Avaya Proactive Contact 5.0 Supervisor

Product Release Notes for Avaya Proactive Contact Supervisor

Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface

Converged Network Analyzer Command Reference Guide Addendum

Avaya Integrated Management Release User Administration User Guide

Release (JITC) for Breeze (SP1)

Avaya CT for Siebel 7 Release 4.0 User Guide

Avaya Call Management System CMS Upgrade Express (CUE) Customer Requirements

Avaya Aura Experience Portal Release 6.0 Service Pack 2 Intelligent Customer Routing

Implementing Avaya Flare Experience for Windows

Using Manage Alarm Tool

Microsoft Outlook Synchronization Readme. How to use to tool

Avaya Call Management System Network Reporting

Avaya one-x Communicator Centralized Administration Tool

Release Notes for Avaya Aura Appliance Virtualization Platform Release

IP Office. IP Office Mailbox Mode User Guide Issue 11b - (15 May 2010)

IP Office 6.1 Embedded Voic Mailbox User Guide

4601 IP Telephone User Guide

Maintaining and Troubleshooting Avaya one-x Agent

Avaya one-x Quick Edition Release System Administrator Guide

WLAN Release Notes. Release Notes for Avaya Wireless Orchestration System (WOS) Version Avaya Inc - External Distribution

Integrated Management - Network Management 6.0 Release Notes

Avaya CallPilot Mini Message Networking User Guide

Avaya Message Networking 6.3 GA Release Notes

Avaya Meridian Integrated RAN Release 2.0 Telephone Set-Based Administration User Guide. Avaya Communication Server 1000 Release 7.

IP Office Release 7.0 IP Office Essential Edition - Quick Version Embedded Voic User Guide

WLAN Location Engine 2340 Using the Command Line Interface

Avaya Aura 6.2 Feature Pack 3

Avaya Interaction Center Release 7.1 Avaya Agent User Guide

Integrated Management 5.2 Administration Tools Release Notes Service Pack 2

IP Office Intuity Mailbox Mode User Guide

IP Office IP Office ContactStore 7.8

IP Office 9.0 IP Office Server Edition Reference Configuration

Avaya Client Applications Configurator User Guide

Avaya Branch Gateways 6.3 (build ) Release Notes

Avaya one-x Mobile 5.2 SP6 Release Notes

IP Office 4.2 Embedded Voic Mailbox

Avaya Message Networking 6.3 Service Pack1 Patch1 Release Notes

Avaya one-x Mobile User Guide for Windows Mobile

Avaya one-x Quick Edition Release G10 PSTN Gateway Installation Guide

Avaya one-x Mobile User Guide for iphone

Release Notes for Avaya Proactive Contact Supervisor

Avaya 3100 Mobile Communicator - Web UI User Guide. Avaya 3100 Mobile Communicator Release 3.1

Using Avaya one-x Agent

Avaya Proactive Contact Release 4.1 Administering Avaya Proactive Contact (Linux-based Interface)

WLAN Release Notes. Release Notes for Avaya Wireless Orchestration System (WOS-E) Version Avaya Inc - External Distribution

BCM50 Rls 6.0. Router - IP Firewall. Task Based Guide

Modular Messaging. Release 3.0 / 3.1 /4.0. Diminished Permissions for Exchange.

User Guide for Avaya Equinox Add-in for IBM Lotus Notes

Avaya CallPilot 5.0 Library Listing

Avaya Aura Call Center Elite Multichannel Documentation Roadmap

Avaya Aura Session Manager Release 6.1 Service Pack 7 Release Notes

Avaya IP Agent Release 6.0 Installation and User Guide

BCM Rls 6.0 DHCP. Task Based Guide

Avaya Equinox VDI Release 3.0 Service Pack 1

Avaya Call Management System Switch Connections, Administration, and Troubleshooting

Avaya Communication Manager with Survivable SIP Gateways Solution Implementation Guide

Avaya Aura System Platform Overview

Avaya one-x Mobile User Guide for Palm Treo

Administering Avaya Control Manager for Avaya Agent for Desktop

Avaya one-x Mobile User Guide for J2ME

Avaya one-x Mobile 5.2 GA Release Notes

BCM Rls 6.0. ipview WallBoard. Task Based Guide

Avaya Aura Session Manager Release 6.2 Service Pack 4 Release Notes

> Port Mirror via SMLT Cluster Technical Configuration Guide. Ethernet Routing Switch 8600/8800. Engineering. Avaya Data Solutions

Avaya 1120E IP Deskphone User Guide. Avaya Business Communications Manager Release 6.0

Avaya one-x Mobile User Guide for J2ME

Transcription:

Avaya Converged Platform 130 Series idrac9 Best Practices Release 4.0 December 2018

2018 Avaya Inc. All Rights Reserved Notice While reasonable efforts were made to ensure that the information in this document was complete and accurate at the time of printing, Avaya Inc. can assume no liability for any errors. Changes and corrections to the information in this document might be incorporated in future releases. Documentation disclaimer Avaya Inc. is not responsible for any modifications, additions, or deletions to the original published version of this documentation unless such modifications, additions, or deletions were performed by Avaya. Customer and/or End User agree to indemnify and hold harmless Avaya, Avaya's agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation to the extent made by the Customer or End User. Link disclaimer Avaya Inc. is not responsible for the contents or reliability of any linked Web sites referenced elsewhere within this documentation, and Avaya does not necessarily endorse the products, services, or information described or offered within them. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages. Warranty Avaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya s standard warranty language, as well as information regarding support for this product, while under warranty, is available through the Avaya Support Web site: http://www.avaya.com/support License USE OR INSTALLATION OF THE PRODUCT INDICATES THE END USER'S ACCEPTANCE OF THE TERMS SET FORTH HEREIN AND THE GENERAL LICENSE TERMS AVAILABLE ON THE AVAYA WEB SITE http://support.avaya.com/licenseinfo/ ("GENERAL LICENSE TERMS"). IF YOU DO NOT WISH TO BE BOUND BY THESE TERMS, YOU MUST RETURN THE PRODUCT(S) TO THE POINT OF PURCHASE WITHIN TEN (10) DAYS OF DELIVERY FOR A REFUND OR CREDIT. Avaya grants End User a license within the scope of the license types described below. The applicable number of licenses and units of capacity for which the license is granted will be one (1), unless a different number of licenses or units of capacity is specified in the Documentation or other materials available to End User. "Designated Processor" means a single stand-alone computing device. "Server" means a Designated Processor that hosts a software application to be accessed by multiple users. "Software" means the computer programs in object code, originally licensed by Avaya and ultimately utilized by End User, whether as stand-alone Products or pre-installed on Hardware. "Hardware" means the standard hardware Products, originally sold by Avaya and ultimately utilized by End User. License type(s) Copyright Except where expressly stated otherwise, the Product is protected by copyright and other laws respecting proprietary rights. Unauthorized reproduction, transfer, and or use can be a criminal, as well as a civil, offense under the applicable law.

Contents Contents Contents... 3 Overview... 4 idrac Implementation Rules... 5 idrac9 Security Features... 6 Avaya ACP 130 Recommended idrac9 Configuration Instructions... 7 idrac User Configuration... 11 How to Add a User... 13 Network Security... 14 idrac9 Web Server Settings... 16 idrac9 Certificates... 17 Conclusion... 18 Page 3

Overview Overview The Integrated Dell Remote Access Controller (idrac) is designed to make system administrators more productive and improve the overall availability of Dell systems. The Dell idrac alerts administrators to system issues, help them perform remote system management and, reduce the need for physical access to the system. Page 4

idrac Implementation Rules idrac Implementation Rules idracs are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the internet. Doing so could expose the connected system to security and other risks for which Avaya is not responsible. Along with locating idracs on a separate management subnet, users should isolate the management subnet/vlan with technologies such as firewalls, and limit access to the subnet/vlan to authorized server administrators. Page 5

idrac9 Security Features idrac9 Security Features idrac provides a host of security features that should be utilized where applicable in accordance with your Corporation s Network Security Policy Custom signing certificate for Secure Socket Layer (SSL) certificate. User authentication through Microsoft Active Directory, generic Lightweight Directory Access Protocol (LDAP) Directory Service. (idrac9 Enterprise only) Two-factor authentication using the Smart Card logon feature. The two-factor authentication is based on the physical smart card and the smart card PIN. (idrac9 Enterprise only) Single Sign-On and Public Key Authentication. (idrac9 Enterprise only) Role based authorization, to configure specific privileges for each user. SNMPv3 authentication for user accounts stored locally in the idrac. It is recommended to use this, but it is disabled by default. User ID and password configuration. Set user passwords and BIOS passwords using one-way hash format for improved security. FIPS 140-2 Level 1 capability. Support for TLS 1.2, 1.1, and 1.0. Avaya requires this setting be set to TLS 1.2. Note: The base ACP 130 server comes with idrac9 Express. If the Enterprise license security features mentioned above are required, then the Enterprise license will need to be purchased. Additional Information about these security features can be found here: http://en.community.dell.com/techcenter/systems-management/w/wiki/3204.idrac9-home THE INFORMATION PROVIDED IN HEREIN IS PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. This document is intended to provide general information and is not part of any agreement you may have with Avaya related to your purchasing and/or licensing of Avaya products, services, warranty, maintenance and/or support. Avaya is a registered trademark of Avaya Inc. All non-avaya trademarks are the property of their respective owners. Page 6

Avaya ACP 130 Recommended idrac9 Configuration Instructions Avaya ACP 130 Recommended idrac9 Configuration Instructions The following section describes how to configure an idrac9 interface using the idrac settings utilities. You must configure the initial network settings based on your network infrastructure to enable the communication to/from the idrac. As stated above ensure you are in accordance with your Corporation s Network Security Policies. You can configure the idrac s IP address statically or assign an IP address via DHCP. By default, the idrac is set to use the dedicated idrac port of the server. Shared NIC is also supported, but not recommended. Avaya highly recommends use of the dedicated idrac interface for network security. Dedicated idrac port The idrac9 NIC port will come disabled and will require enablement before use. How to enable and configure the idrac Network Interface using the idrac settings utility (F2 during server startup): 1. Connect Monitor, USB keyboard and mouse to server. 2. Power on the Dell R640. Page 7

Avaya ACP 130 Recommended idrac9 Configuration Instructions 3. Select <F2> when prompted from the Dell Splash screen to enter System Setup. 4. In the System Setup Main Menu page, select idrac Settings. The idrac Settings page is displayed. 5. Select Network. The Network page is displayed. 6. Enable the NIC if set to disabled. 7. Ensure NIC selection is set to Dedicated. If shared NIC is preferred, make the change in this field. Avaya highly recommends keeping the idrac NIC interface on a separate, dedicated secure network(not shared). Page 8

Avaya ACP 130 Recommended idrac9 Configuration Instructions 8. Scroll down and set Enable IPV4 to Enabled and then select either DHCP enabled or disabled. If DHCP is disabled, then the idrac static IP address can be populated. Fill in the details for idrac static IP Address, subnet mask, and gateway. Alternatively, if DHCP is enabled for the idrac network interface the IP address will be assigned automatically. Ensure that DHCP is enabled in your network environment if idrac DHCP is enabled. Below is an example screen of the idrac9 IP Static address assignment. 9. Select Back, click Finish, and then click Yes. The network information is saved, and the system will reboot. Page 9

Avaya ACP 130 Recommended idrac9 Configuration Instructions idrac9 IP address configuration is now complete. The idrac Web User Interface can now be reached with any supported browser (IE, Firefox, Chrome, Safari). Web interface GUI is shown below. Page 10

idrac User Configuration idrac User Configuration Follow these steps to configure idrac user accounts: Important: Ensure that you change the default user name and password when initially logging into idrac web interface. Avaya servers ship with a unique factory generated password. It is displayed on the pullout label on the front of the server. The default username will be root. Open a browser window and type in the idrac9 IP address in the address field to log into the server. Using the credentials of Login: root and Password:<Factory Generated Password> At the first login, the user will be prompted to change the password. Avaya recommends setting a complex password which would contain at least 8 characters and have each of the following: 1. One special character 2. One upper case letter 3. One digit Page 11

idrac User Configuration The idrac password can also be set through direct console. The location to change the idrac password is located at System setup idrac settings User Configuration. Recommended Role Based Access Control: Initially, there should be only one user(root) account with admin privileges. Avaya recommends not to use the root account other than for initial user configuration. Avaya recommends having only 2 user accounts with admin privileges to minimize malicious behavior. Multiple users can be added with different user roles. Only create user accounts with the minimum permission requirements needed for the user. There are 4 types of user roles available, they can be customized to a finer granularity using individual check box selections. See below. Administrator Operator Read-Only Only login access None no access Page 12

How to Add a User How to Add a User A new user can be added based on their role. The setting can be found at idrac Settings Users Add. As per requirements, a new user can be added with different privilege levels. User role of None can be created with User privileges adjusted for that individual s needs. Caution: Avaya recommends having 2 users with admin level privileges with a complex password set for those accounts. Moreover, Microsoft AD or LDAP can also be integrated to make the idrac interface more secure. Please refer to Dell s documentation to access idrac using Microsoft AD or LDAP. The link provides a Dell document describing the steps on how to integrate idrac with Microsoft s AD. LDAP or Active Directory Services can be accessed at idrac Settings -> Users -> Directory Services Page 13

Network Security Network Security Additional security can be added to the idrac interface by allowing only a specific range of IP addresses to access the idrac. Administrators can specify the range of IP addresses using the IP address and IP Range Subnet Mask. This can be done through the idrac settings listed under Advanced Network Settings. These settings can be found at idrac Settings -> Connectivity -> Network -> Advanced Network Settings. If you opt to use this setting, then change the IP range enabled button to enabled and restrict the network range that you want to allow by setting the IP address and Subnet Mask. Administrators can specify a single, multiple or range of IP addresses using the IP Range Subnet Mask. Avaya encourages use of this feature if possible to strictly contain access to the idrac. To allow only one IP to access the idrac9 interface, set an IP in the IP Range Address field and set the IP Range Subnet Mask as 255.255.255.255. See above. Page 14

Network Security IP Blocking Feature: The IP Blocking feature allows for penalty time blocking out of IP addresses that have a failed number of login attempts. Failed count is also settable. IP Blocking Fail Count: Max no. of failed attempts allowed before the user is blocked. IP Blocking Fail Window: The time in seconds for which the user can t login to idrac. Page 15

idrac9 Web Server Settings idrac9 Web Server Settings The SSL encryption and TLS protocol settings can also be changed to make the idrac web interface more secure. The options to change these settings are found at idrac Settings - Services Web Server. Set to TLS Protocol to TLS 1.2 Only as shown below. Page 16

idrac9 Certificates idrac9 Certificates idrac9 SSL Certificate Uploading, Downloading, Generation and Custom Certificate Signing: The idrac SSL Certificate features are located here: idrac Settings -> Connectivity -> SSL -> SSL Certificate. Custom SSL Certificate Signing is also supported. See below The idrac allows users to generate their own Certificate Signing Request if required. Page 17

Conclusion Conclusion The idrac9 interface is a powerful and valuable tool for managing and maintaining the Dell R640 server platform. Key measures must be taken to keep it secure. It is expected that users implement as many of the security measures cited in this document as possible. Even with a secure idrac interface, the user must also secure the network that it is utilizing. If idrac network security is compromised, user permissions are not properly assigned, user passwords are not complex, and/or the interface is breached then Avaya is not responsible. Page 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback