Wednesday, November 2, 2011

Configure a Custom DRAC Port

Why is this helpful?
For clients with a single static IP address, port 443 (the default) may already be forwarded to another server/application within the client network, such as a secure website or internal Exchange server.
Static IPs cost money and let's face it, buying one just for a DRAC card will be a hard sell.

Changing the DRAC server HTTPS port from 443 to a custom port lets you provide external/remote access to the DRAC interface alongside other externally published HTTPS resources, all without having to purchase more static IP addresses.

Once the DRAC has been given a custom port, that port can be configured in the port forwarding rules of the router/firewall. The custom port, along with TCP ports 5900-5901 (or custom console redirection ports), will need to be forwarded to your DRAC for external access to work correctly.

Audience
You should be a Server or Network Administrator and be comfortable with the command line to perform the following.

Prerequisites
  • This process requires remote access and a specific tool (racadm) that Dell OpenManage Server Administrator installs on the server.
  • This process requires that web access be already configured with an internal IP address for the DRAC card and that the DRAC is online and functioning properly.
Process (step-by-step)


Warning!
It's important to note that all future racadm commands will require the custom port to be part of the command once this setting is changed. Be sure to document what you changed it to and also enable telnet (future article) for ease of administration.

Also, enabling external access to a resource should be done cautiously, and every effort to remain secure should be made.

Proceed at your own risk!

This process outlines how to use the racadm command line utility to remotely set the desired options/settings in the DRAC card configuration.  This can also be done via a telnet interface, which would simplify the process by removing the -r, -u, and -p options.
I recommend that once this process is done, you should also enable telnet access to the DRAC so that it is easier to determine what the custom port setting is and modify it again after it has been changed.
  1. Open an elevated Command Prompt window.
  2. Choose a custom port for the DRAC interface that is not already forwarded from the internet to another service.  Be sure not to use one of the standard ports if other services are intended to be forwarded at a later date.
    See
  3. Verify that racadm is installed on the server (with OpenManage installed)
    1. Type racadm help in the command prompt.  If it gives you anything back, it's installed.
  4. Get the current DRAC port configuration
    1. Type racadm -i -r <IP ADDRESS of DRAC>:<PORT> getconfig -g cfgRacTuning and press Enter.
      1. The -i prompts you for username and password.  You can substitute -u <username> -p <password> for -i if desired.
      2. The :<PORT> is not required unless a custom port is already in use (not 443). Also, do not type the <> brackets.
      3. Example: racadm -i -r 192.168.0.4 getconfig -g cfgRacTuning
    2. Follow the prompts to enter an administrator username and password for the DRAC connection and press Enter.
    3. Review the cfgRacTuneHttpsPort setting.  The value will either be in hex or decimal (depending on the DRAC model).  If the setting is in HEX, you will need to configure the port using HEX and vice-versa.
  5. Change the default DRAC port to a custom port
    1. Type racadm -i -r <IP Address of DRAC>:<PORT> config -g cfgRacTuning -o cfgRacTuneHttpsPort <Custom_Port> and press Enter.
      1. <Custom_Port> should be a HEX or DEC value, matching the format shown by getconfig in the previous step. Leave out the <> brackets when setting this value.
      2. Example: racadm -i -r 192.168.0.4 config -g cfgRacTuning -o cfgRacTuneHttpsPort 0x1bc (set the https port from 443 to custom port 444)
      3. Hint: the built-in Windows calculator can do HEX conversions via the View → Programmer (Windows 7) or View → Scientific (previous versions) calculator option.
    2. Follow the prompts to enter an administrative username and password for the DRAC connection and press Enter.
    3. This process can take a few minutes. Be patient and test access via the new port in a few minutes.
If you have multiple DRACs, you may also need to re-configure the Console Redirection port from the default (5900). This is done via cfgRacTuning with option cfgRacTuneConRedirPort. View the output of the current DRAC configuration (process above) for the current setting.
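
The hex-or-decimal check from steps 4 and 5, and the console redirection note above, can be scripted. The following is an added example, not part of the original post or of Dell's tooling: it reads saved getconfig output, matches the radix the DRAC reported, refuses a port already used by another cfgRacTuning option, and returns the racadm arguments. The key=value output layout, the 0x prefix on hex values, and the function names are assumptions.

```python
import re

# Constructed samples of `getconfig -g cfgRacTuning` output; the key=value
# layout and the 0x prefix on hex values are assumptions.
SAMPLE_HEX = "cfgRacTuneHttpPort=0x50\ncfgRacTuneHttpsPort=0x1bb\ncfgRacTuneConRedirPort=0x170c\n"
SAMPLE_DEC = "cfgRacTuneHttpPort=80\ncfgRacTuneHttpsPort=443\ncfgRacTuneConRedirPort=5900\n"

PORT_LINE = re.compile(r"^\s*#?\s*(cfgRacTune\w*Port)\s*=\s*(\S+)", re.MULTILINE)

def parse_ports(output):
    """Map each port option to (port_number, value_is_hex)."""
    ports = {}
    for name, raw in PORT_LINE.findall(output):
        is_hex = raw.lower().startswith("0x")
        ports[name] = (int(raw, 16 if is_hex else 10), is_hex)
    return ports

def build_config_command(drac_ip, output, new_port, option="cfgRacTuneHttpsPort"):
    """Return the racadm argument list that sets `option` to `new_port`."""
    ports = parse_ports(output)
    if option not in ports or "cfgRacTuneHttpsPort" not in ports:
        raise ValueError("expected option missing from getconfig output")
    if not 1 <= new_port <= 65535:
        raise ValueError("port out of range")
    # Refuse a port that another DRAC service in this group already uses.
    clash = [n for n, (p, _) in ports.items() if p == new_port and n != option]
    if clash:
        raise ValueError(f"port {new_port} already used by {clash[0]}")
    https_port = ports["cfgRacTuneHttpsPort"][0]
    is_hex = ports[option][1]
    # :<PORT> is only needed once the DRAC no longer listens on 443.
    target = drac_ip if https_port == 443 else f"{drac_ip}:{https_port}"
    # Write the new value in the same radix the DRAC reported.
    value = hex(new_port) if is_hex else str(new_port)
    return ["racadm", "-i", "-r", target, "config", "-g", "cfgRacTuning",
            "-o", option, value]

if __name__ == "__main__":
    print(" ".join(build_config_command("192.168.0.4", SAMPLE_HEX, 444)))
```

Passing the returned list to a process launcher keeps the -i prompt, so no password ends up in the command line or shell history.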
