Date: Fri, 18 Jun 2010 23:19:32 +0100 From: krad <kraduk@googlemail.com> To: Steve Polyack <korvus@comcast.net> Cc: Martin Turgeon <freebsd@optiksecurite.com>, freebsd-questions@freebsd.org Subject: Re: Hardware monitoring with iDRAC6 Message-ID: <AANLkTilgqX5_gucEbUul8MaLQXYhSLh2lIdvxQgGY0TX@mail.gmail.com> In-Reply-To: <4C1A4F76.4050806@comcast.net> References: <4C1A471B.906@optiksecurite.com> <4C1A4F76.4050806@comcast.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17 June 2010 17:38, Steve Polyack <korvus@comcast.net> wrote: > On 06/17/10 12:02, Martin Turgeon wrote: > >> Hi again everyone, >> >> I just realized after posting my question on optimal RAID config that the >> best solution for hardware monitoring would be to use the integrated iDRAC6. >> I have the Express version (no dedicated port). I have never worked with >> DRAC cards and I would like to know your opinions about the best way to use >> it for hardware monitoring. I'm not really planning on using the remote >> control features, but it would be nice too. >> > In addition to using DRAC notifications for hardware events, I would > suggest that you still run some local checks on the system itself (Nagios > checks via NRPE). There are several checks available that check the status > of the PERC controller and drives using mfiutil, amrstat, or MegaCLI. > > >> As I understand it, I have to configure an additional IP for iDRAC. In my >> case, the servers are going to be installed in a colocation datacenter so I >> guess I have to reserve an additional public IP for each servers so I can >> access the iDRAC remotely? What are the securiy implications? >> > This depends on what your options are - if you're colocating one server, > they may be pretty slim. In any case, I would strongly advise not putting > it out there on an unrestricted public address. I'm not sure of the DRAC's > history of security issues, but keep in mind that someone using it > essentially has physical access to your server. If you have to put it out > there on the internet, be sure to create a new user on the iDRAC and disable > the existing root account. > > >> I'm also configuring a Nagios installation for monitoring. Is there a way >> to plug iDRAC with Nagios to handle the notifications (snmp maybe)? Or >> should I configure an email alert in the iDRAC config (I assume there is a >> way to do that)? >> >> You can configure the iDRAC to send SNMP traps, or even e-mails for > hardware events. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > If you can afford the rack space its probably best to have a dedicated admin host with one public interface and one private one. Then put all the idracs on private ips and ideally their own vlan. Then use this admin box to relay any information back to you over the public network It could also act as a serial server, and maybe have a isdn/dsl backup line for out of band access.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTilgqX5_gucEbUul8MaLQXYhSLh2lIdvxQgGY0TX>