From owner-freebsd-questions@FreeBSD.ORG Thu Jun 17 16:38:16 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 475EF106567C for ; Thu, 17 Jun 2010 16:38:16 +0000 (UTC) (envelope-from korvus@comcast.net) Received: from mx04.pub.collaborativefusion.com (mx04.pub.collaborativefusion.com [206.210.72.84]) by mx1.freebsd.org (Postfix) with ESMTP id 0472B8FC12 for ; Thu, 17 Jun 2010 16:38:15 +0000 (UTC) Received: from [192.168.2.164] ([206.210.89.202]) by mx04.pub.collaborativefusion.com (StrongMail Enterprise 4.1.1.4(4.1.1.4-47689)); Thu, 17 Jun 2010 12:36:43 -0400 X-VirtualServerGroup: Default X-MailingID: 00000::00000::00000::00000::::304 X-SMHeaderMap: mid="X-MailingID" X-Destination-ID: freebsd-questions@freebsd.org X-SMFBL: ZnJlZWJzZC1xdWVzdGlvbnNAZnJlZWJzZC5vcmc= Message-ID: <4C1A4F76.4050806@comcast.net> Date: Thu, 17 Jun 2010 12:38:14 -0400 From: Steve Polyack User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.7) Gecko/20100311 Thunderbird/3.0.1 MIME-Version: 1.0 To: Martin Turgeon References: <4C1A471B.906@optiksecurite.com> In-Reply-To: <4C1A471B.906@optiksecurite.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Hardware monitoring with iDRAC6 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jun 2010 16:38:16 -0000 On 06/17/10 12:02, Martin Turgeon wrote: > Hi again everyone, > > I just realized after posting my question on optimal RAID config that > the best solution for hardware monitoring would be to use the > integrated iDRAC6. I have the Express version (no dedicated port). I > have never worked with DRAC cards and I would like to know your > opinions about the best way to use it for hardware monitoring. I'm not > really planning on using the remote control features, but it would be > nice too. In addition to using DRAC notifications for hardware events, I would suggest that you still run some local checks on the system itself (Nagios checks via NRPE). There are several checks available that check the status of the PERC controller and drives using mfiutil, amrstat, or MegaCLI. > > As I understand it, I have to configure an additional IP for iDRAC. In > my case, the servers are going to be installed in a colocation > datacenter so I guess I have to reserve an additional public IP for > each servers so I can access the iDRAC remotely? What are the securiy > implications? This depends on what your options are - if you're colocating one server, they may be pretty slim. In any case, I would strongly advise not putting it out there on an unrestricted public address. I'm not sure of the DRAC's history of security issues, but keep in mind that someone using it essentially has physical access to your server. If you have to put it out there on the internet, be sure to create a new user on the iDRAC and disable the existing root account. > > I'm also configuring a Nagios installation for monitoring. Is there a > way to plug iDRAC with Nagios to handle the notifications (snmp > maybe)? Or should I configure an email alert in the iDRAC config (I > assume there is a way to do that)? > You can configure the iDRAC to send SNMP traps, or even e-mails for hardware events.