From owner-freebsd-questions@FreeBSD.ORG Fri Jun 18 22:19:34 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CD82106566C for ; Fri, 18 Jun 2010 22:19:34 +0000 (UTC) (envelope-from kraduk@googlemail.com) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id C69C68FC15 for ; Fri, 18 Jun 2010 22:19:33 +0000 (UTC) Received: by fxm7 with SMTP id 7so1171823fxm.13 for ; Fri, 18 Jun 2010 15:19:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=w0P4gqcd9/JvYiTOKswFjaWWmbdHmQ9OI+Dh4AE+nc0=; b=mFveKau22cIq4v/eoSf9qK7o883GUYS9j6diOF/7RG1IRZShdp3c+JB5225jF54dr8 UJE7W2k8OpeY9GPrwUSyyRIXGASNdcD8KHSAGbLe6K/Cl5eUcnfy7gZdovUMu0FSuSEw 8b1gHE4Nz7UDPVyDGS+RpHI2/PMAl3wbdXkOY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=MQD0kQNBRfp21vqTsOZtNiKq3IhbFcRtlJ8YoKgjlvcCYJaniCMO/0OdkIBtOe3fyi gE4sWsT1zNhUFF2Z/whtdrAlrr098FR1Cqu0GBpKxsTNgyUvDnkpI2L4a3Fg7FqYmcX9 VFeWSAscIxkSCIduD6KFThBQ+9NtQQvN5c5nk= MIME-Version: 1.0 Received: by 10.239.166.148 with SMTP id b20mr99943hbe.140.1276899572624; Fri, 18 Jun 2010 15:19:32 -0700 (PDT) Received: by 10.239.165.129 with HTTP; Fri, 18 Jun 2010 15:19:32 -0700 (PDT) In-Reply-To: <4C1A4F76.4050806@comcast.net> References: <4C1A471B.906@optiksecurite.com> <4C1A4F76.4050806@comcast.net> Date: Fri, 18 Jun 2010 23:19:32 +0100 Message-ID: From: krad To: Steve Polyack Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Martin Turgeon , freebsd-questions@freebsd.org Subject: Re: Hardware monitoring with iDRAC6 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jun 2010 22:19:34 -0000 On 17 June 2010 17:38, Steve Polyack wrote: > On 06/17/10 12:02, Martin Turgeon wrote: > >> Hi again everyone, >> >> I just realized after posting my question on optimal RAID config that the >> best solution for hardware monitoring would be to use the integrated iDRAC6. >> I have the Express version (no dedicated port). I have never worked with >> DRAC cards and I would like to know your opinions about the best way to use >> it for hardware monitoring. I'm not really planning on using the remote >> control features, but it would be nice too. >> > In addition to using DRAC notifications for hardware events, I would > suggest that you still run some local checks on the system itself (Nagios > checks via NRPE). There are several checks available that check the status > of the PERC controller and drives using mfiutil, amrstat, or MegaCLI. > > >> As I understand it, I have to configure an additional IP for iDRAC. In my >> case, the servers are going to be installed in a colocation datacenter so I >> guess I have to reserve an additional public IP for each servers so I can >> access the iDRAC remotely? What are the securiy implications? >> > This depends on what your options are - if you're colocating one server, > they may be pretty slim. In any case, I would strongly advise not putting > it out there on an unrestricted public address. I'm not sure of the DRAC's > history of security issues, but keep in mind that someone using it > essentially has physical access to your server. If you have to put it out > there on the internet, be sure to create a new user on the iDRAC and disable > the existing root account. > > >> I'm also configuring a Nagios installation for monitoring. Is there a way >> to plug iDRAC with Nagios to handle the notifications (snmp maybe)? Or >> should I configure an email alert in the iDRAC config (I assume there is a >> way to do that)? >> >> You can configure the iDRAC to send SNMP traps, or even e-mails for > hardware events. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > If you can afford the rack space its probably best to have a dedicated admin host with one public interface and one private one. Then put all the idracs on private ips and ideally their own vlan. Then use this admin box to relay any information back to you over the public network It could also act as a serial server, and maybe have a isdn/dsl backup line for out of band access.