
What you need to know about the Dell DRAC


So you've started using Dell servers and have been wondering what the DRAC is all about? The DRAC, simply put, is a system management interface. It's available on most PowerEdge server models and has its own network interface, so its connectivity is separate from that of your operating system. From the DRAC you can manage media, power, integrated system log messages, and have a remote view of the console. The DRAC is the weaker cousin of the Hewlett Packard Integrated Lights-Out (iLO) yet provides similar functionality.

Configuration basics

For most PowerEdge models, the DRAC exists as an option that you can add to your server configuration. This option adds approximately $300 at list price to your server configuration, but it's worth the cost. The DRAC on current models is a separate chipset and board that is connected to the server main board with its own network interface as well as a direct configuration accessible during system initialization.

DRAC Defaults and Initial Access

The DRAC ships with a default TCP/IP address, set on the board, that you can change during initialization. You should change the default security credentials as well. When the DRAC initializes, you can enter a configuration screen to set the basic IP address and credentials. Once these are set, you can access the system further through the web-based interface. Figure A shows the DRAC initialization on a current PowerEdge 6850:

Figure A 

DRAC initialization

In this case, pressing Ctrl-D will take you into the DRAC board setup, where you can make basic settings changes. Once the IP address is configured, it is a good idea to configure additional users and the timeout value for network sessions. The default session timeout value is five minutes, which may be a little tight for most situations. For DRAC 4 systems, this is set under Configuration, Network, in the GUI session timeout value.

There are slight differences in the DRAC's web interface across models. A current PowerEdge 6850 has a DRAC 4/P, whereas a current PowerEdge 2950 has a DRAC 5 option available. These denote the fourth and fifth generations of the DRAC. Functionally, the versions are equivalent, but the web interface varies in appearance between generations.

DRAC media management

Probably the strongest feature of the DRAC is the media redirection capability. From the web interface, you can redirect the server's CD-ROM and floppy media to that of your web client or to an image file. The best application for this is a brand new server with no operating system installed. With DRAC media redirection, a CD-ROM .ISO image of an operating system can be configured as the CD-ROM, and the installation can proceed from the virtual CD-ROM without physical media being inserted into the server.

The one caveat to watch for is the boot order in the BIOS. Frequently, the default configuration will have the DRAC's redirected CD-ROM as a bootable device - but, if it's below the physical CD-ROM it may not boot correctly. In the BIOS, it is listed as "Virtual CD-ROM" and the equivalent for the floppy drive. Figure B shows a sample redirection of the CD-ROM drive to an image file within the browser.

Figure B

Remote Power Control and Console

The DRAC provides the ability to remotely power off, power on, reset, and power cycle the system, regardless of the state of the operating system. This is especially handy in situations such as the blue screen of death or an otherwise failed system that no native interaction can resolve. Be especially careful with the remote power controls, since this is one feature that always does as it is told. The security models in place allow you to prohibit the power controls, called "server control commands." You should consider this in larger environments.

The DRAC console also provides a redirection of the video display, also regardless of the operating system state. So, you could connect and see the blue screen of death, jump into the server's BIOS to configure the boot order, install an operating system, or view the console of the operating system as it's running. There are two sessions to the console permitted in most configurations. Note that these two sessions may be in addition to an operating system method, a physical console session, and any additional hardware - such as a keyboard, video, mouse controller or software such as PC Anywhere. Figure C shows a DRAC session at the computer initialization.

Figure C

One downside of the DRAC is that on certain models if the DRAC is selected, the onboard video (both rear and front side) interfaces are rendered inoperable by the presence of the DRAC video interface. Dell usually has markers indicating that these interfaces are not available. However, these may get removed and, should you have a monitor connected to the incorrect interface, there would be no video displayed.

Firmware and other housekeeping

The DRAC has firmware that's separate from the computer's firmware. From support.dell.com, you can download the appropriate firmware for the DRAC model in your system. The DRAC can also provide you the service tag, making the retrieval easier. I recommend that you keep this firmware up to date as inevitably some piece of functionality may not work correctly on the firmware you currently have on the unit. This is where, in my experience, the iLO has been a better remote management device. The DRAC firmware should be updated, whereas you didn't use to have to worry about the iLO firmware.

Be sure to note that within the DRAC you have access to the integrated system logs. This would include notes such as power supply failed, chassis opened, or a memory module failure. The DRAC 5 can even provide running temperatures on the system board. This can be especially beneficial in remote, harsh environment situations where unexpected results are occurring and thermal data would identify an issue. The DRAC also allows for Active Directory integration, certificate management, SNMP traps, and basic email alerting for the status of the device.

Enough to get started!

Above all else, if you have DRAC units on your systems, configure them. If security concerns about the device are high, still have the device configured, but disable its port in the network configuration and enable it only on an as-needed basis. This crash course on the DRAC should be enough to get you started on ways to save time and increase your administrative agility.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

7 comments
anitra.davis

Does anyone know how to get the graphical remote console to work via the ERA port on the PE2650? Every time I try to access via Remote Access > Console Redirect my console client goes blank and the message "Warning: Remote Console Not Available" appears at the bottom. Please see system details below: PowerEdge 2650, BIOS A19, OMSA 5.4.0, DRAC Version 3.14, Dell Embedded Remote Access (ERA) Version 3.38. Any advice or assistance that anyone could provide would be greatly appreciated.

mandms7

Are there any security concerns I should have of a hacker somehow gaining access to the DRAC and having a back door entrance into our internal network? For example, let's say I have a public web server in a DMZ. I then configure and connect a DRAC directly into my internal network for management. Would there be any way for a hacker, connecting to the web server from the outside, to somehow use the DRAC to gain direct access into our internal network?

b4real

I'd just recommend super complex passwords. One practice I came across for DRAC and iLO type interfaces is to disable the LAN port on your managed switch except when it is specifically required.

icedivr

From the server, you can configure the DRAC card with a command-line application, but to use the card, you have to be able to route traffic to it, as if it were another device on the network. As long as machines in the DMZ can't do that, you're ok.

icedivr

With the DRAC 5 series, the card can share NICs with the server, and also do VLAN tagging. This has two benefits: connectivity to the DRAC can fail over from one NIC to the other in a high-availability installation, and your switch port count is reduced.

b4real

Yeah I know, but I don't like that as it is then less separate from the OS.
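
The routing condition raised in the comments above (a DRAC is only usable from hosts that can route traffic to it) can be audited against a firewall policy. The following is an added example, not part of the original article or of any comment; the DRAC inventory, subnets and first-match rule list are constructed sample data, and the function names `first_allow` and `dmz_exposure` are hypothetical.

```python
import ipaddress

# Constructed sample data: names, addresses and rules are illustrative only.
DRACS = {"web01-drac": "10.20.0.11", "db01-drac": "10.20.0.12",
         "web02-drac": "192.168.50.7"}
DMZ_NETS = ["192.168.50.0/24"]
# Assumed first-match firewall policy: (action, source net, destination net)
RULES = [
    ("allow", "10.99.0.0/24", "10.20.0.0/24"),      # admin jump hosts
    ("allow", "192.168.50.0/24", "10.20.0.12/32"),  # leftover exception
    ("deny", "192.168.50.0/24", "10.20.0.0/24"),
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]

def first_allow(ip, zone, rules):
    """Return the 1-based number of the rule that lets some host in `zone`
    reach `ip`, or None if every host in the zone is denied."""
    for number, (action, src, dst) in enumerate(rules, start=1):
        if ip not in dst or not src.overlaps(zone):
            continue
        if action == "allow":
            return number
        if zone.subnet_of(src):
            return None  # this deny covers the whole zone, stop here
        # A deny covering only part of the zone: other hosts fall through.
    return None  # nothing matched: treat as implicit deny

def dmz_exposure(dracs, dmz_nets, rules):
    """Map each DRAC that a DMZ host could reach to the reason why."""
    zones = [ipaddress.ip_network(n) for n in dmz_nets]
    parsed = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d))
              for a, s, d in rules]
    findings = {}
    for name, addr in dracs.items():
        ip = ipaddress.ip_address(addr)
        for zone in zones:
            if ip in zone:  # same segment: no firewall in the path at all
                findings[name] = f"address {ip} is inside DMZ subnet {zone}"
                break
            hit = first_allow(ip, zone, parsed)
            if hit is not None:
                findings[name] = f"rule {hit} allows {zone} to reach {ip}"
                break
    return findings

if __name__ == "__main__":
    for name, reason in dmz_exposure(DRACS, DMZ_NETS, RULES).items():
        print(f"{name}: {reason}")
```

A DRAC that shares a NIC with a DMZ-facing server belongs in the inventory under the address and VLAN it actually uses, so the same check still applies to it.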