LC1_3.book Page 63 Monday, December 7, 2009 3:14 PM

Remote Service Features

The Dell™ Lifecycle Controller Remote Services are a set of features that allow systems management in a one-to-many mode. Remote Services capabilities use the web services based hardware management interface provided by the Lifecycle Controller firmware. They are aimed at simplifying tasks like operating system deployment, remote update and inventory, and automating the setup and configuration of new Dell systems remotely.

3

Web Services for Management

Web Services for Management (WS-MAN) is a Simple Object Access

Protocol (SOAP)-based protocol designed for systems management.

WS-MAN is published by the Distributed Management Task Force (DMTF) and provides an interoperable protocol for devices to share and exchange data across networks. The WS-MAN implementation complies with the DMTF

WS-MAN specification version 1.0.0.

Dell Lifecycle Controller - Remote Services uses WS-MAN to convey DMTF

Common Information Model (CIM)-based management information; the

CIM information defines the semantics and information types that can be manipulated in a managed system. The Dell-embedded server platform management interfaces are organized into profiles, where each profile defines the specific interfaces for a particular management domain or area of functionality. Additionally, Dell has defined a number of model and profile extensions that provide interfaces for additional capabilities. The data and methods available through WS-MAN are provided by the Lifecycle

Controller - Remote Services’ instrumentation interface mapped to the following DMTF profiles and Dell extension profiles:

Standard DMTF

• Base Server — defines CIM classes for representing the host server.

• Base Metrics — defines CIM classes for providing the ability to model and control metrics captured for managed elements.

Remote Service Features 63

LC1_3.book Page 64 Monday, December 7, 2009 3:14 PM

• Host LAN Network Port — defines CIM classes for representing a network port that provides a LAN interface to a host system, its associated controller, and network interfaces.

• Service Processor — defines CIM classes for modeling service processors.

• USB Redirection — defines CIM classes for describing information about

USB redirections. For keyboard, video, and mouse devices, this profile should be used if the devices are to be managed as USB devices.

• Physical Asset — defines CIM classes for representing the physical aspect of the managed elements.

• SM CLP Admin Domain — defines CIM classes for representing

CLP’s configuration.

• Power State Management — defines CIM classes for power control operations.

• Command Line Protocol Service — defines CIM classes for representing

CLP’s configuration.

• IP Interface — defines CIM classes for representing an IP interface of a managed system.

• DHCP Client — defines CIM classes for representing a DHCP client and its associated capabilities and configuration.

• DNS Client — defines CIM classes for representing a DNS client in a managed system.

• Record Log — defines CIM classes for representing different type of logs.

• Role Based Authorization — defines CIM classes for representing roles.

• SMASH Collections — defines CIM classes for representing

CLP’s configuration.

• Profile Registration — defines CIM classes for advertising the profile implementations.

• Simple Identity Management — defines CIM classes for representing identities.

• SSH Service — defines CIM classes for extending the management capability of referencing profiles by adding the capability to represent an

SSH service and its associated sessions in a managed system.

64 Remote Service Features

LC1_3.book Page 65 Monday, December 7, 2009 3:14 PM

• Battery — defines CIM classes for describing and setting the logical properties of the battery. Such properties include the description of the battery’s charge status and the time it takes for the battery charge to be depleted. The profile also describes operations such as recharging the battery.

Dell Extensions

• Dell Active Directory Client Version 2.0.0 — defines CIM and

Dell extension classes for configuring the Active Directory client and the local privileges for Active Directory groups.

• Dell Virtual Media — defines CIM and Dell extension classes for configuring Virtual Media. Extends the USB Redirection Profile.

• Dell Ethernet Port — defines CIM and Dell extension classes for configuring NIC Side-Band interface for the NIC. Extends the

Ethernet Port Profile.

• Dell Power Utilization Management — defines CIM and Dell extension classes for representing the host server’s power budget and for configuring/monitoring the host server’s power budget.

• Dell OS Deployment — defines CIM and Dell extension classes for representing the configuration of operating system deployment features.

It extends the management capability of referencing profiles by adding the capability to support operating system deployment activities by manipulating operating system deployment features provided by the service processor. For more information on Dell OS Deployment

functions, see "Remote Operating System Deployment Interface."

• Dell Software Update Profile — defines CIM and Dell extensions for representing the service class and methods for updating BIOS, component firmware, Lifecycle Controller firmware, Diagnostics, and Driver Pack.

Update methods support update from CIFS, NFS, FTP, and HTTP network share locations and from update images located in the Lifecycle

Controller. Update requests are formulated as jobs and can be scheduled immediately or at a later time with a choice of types of reboot action to apply the updates.

Remote Service Features 65

LC1_3.book Page 66 Monday, December 7, 2009 3:14 PM

• Dell Software Inventory Profile — Defines CIM and Dell Extensions for representing currently installed BIOS, component firmware, Diagnostics,

Unified Server Configurator, and Driver Pack versions. Also provides representation of versions of BIOS and firmware update images available in Lifecycle Controller for rollback and re-installation.

• Dell Job Control Profile — Defines CIM and Dell extensions for managing jobs generated by update requests. Jobs can be created, deleted, modified and aggregated into job queues to sequence and perform multiple updates in a single reboot.

• Lifecycle Controller Management Profile — Defines CIM and Dell extensions for getting and setting attributes for managing Auto-Discovery and Part Replacement Lifecycle Controller features.

The Lifecycle Controller - Remote Services WS-MAN implementation uses

SSL on port 443 for transport security, and supports basic and digest authentication. Web services interfaces can be utilized by leveraging client infrastructure such as Windows

®

.NET

®

.

®

WinRM and Powershell CLI, open source utilities like WS-MANCLI, and application programming environments like

Microsoft

There are additional implementation guides, white papers, profile specifications, class definition (.mof) files, and code samples available in the Dell Tech Center at www.delltechcenter.com. See:

• Lifecycle Controller area - http://www.delltechcenter.com/page/Lifecycle+Controller

• Dell CIM Extension Specifications http://www.delltechcenter.com/page/DCIM+-+Dell+CIM+Extensions

• Lifecycle Controller WS-MAN Script Center http://www.delltechcenter.com/page/Scripting+the+Dell+Lifecycle+C ontroller

For more information, also see the following:

• DTMF Web site: www.dmtf.org/standards/profiles/

• WS-MAN release notes or Readme file.

66 Remote Service Features

LC1_3.book Page 67 Monday, December 7, 2009 3:14 PM

What’s New in Remote Services 1.3

These are the new features introduced in 1.3:

• Auto-Discovery enhancements

• Remote firmware inventory and update

• Operating system deployment using Dell-licensed vFlash

• Part replacement

Auto-Discovery

The Auto-Discovery feature allows newly installed servers to automatically discover the remote management console that hosts the Provisioning Server.

The Provisioning Server provides custom administrative user credentials to the iDRAC so that the unprovisioned server can be discovered and managed by the management console.

When Auto-Discovery is enabled, the iDRAC6 requests an IP address from

DHCP and either acquires the name of the Provisioning Server host and/or subsequently resolves the address through DNS. After acquiring the

Provisioning Server host address, the iDRAC6 securely handshakes before acquiring custom administrative account credentials. The iDRAC can now be managed through its newly acquired credentials to perform operations, such as remote operating system deployment.

If you ordered a Dell system with the Auto-Discovery feature Enabled

(factory default setting is Disabled), then the iDRAC will be delivered with

DHCP-enabled and no enabled user accounts. If the auto-discovery feature is set to Disabled, you can manually enable this feature and disable the default administrative account from the iDRAC6 Configuration Utility when booting your system. For more information on Enabling and Disabling Auto-

Discovery feature, see "Auto-Discovery Configuration."

Configuring DHCP/DNS

Before adding your Dell system to the network and utilizing the Auto-

Discovery feature, ensure that Dynamic Host Configuration Protocol

(DHCP) server/Domain Name System (DNS) are configured with added

Remote Service Features 67

LC1_3.book Page 68 Monday, December 7, 2009 3:14 PM

68 support for Auto-Discovery. There are several options for enabling the network environment to support discovery of the Provisioning Server host by unprovisioned servers.

One of the following prerequisites must be met for the Auto-Discovery feature to work properly:

• The DHCP server provides a comma separated list of Provisioning Server locations using a vendor scope option of class LifecycleController option 1.

These locations can be a hostname or IP address and optionally include a port. The iDRAC will resolve the hostname of the management console to an IP address with a DNS lookup.

• The DNS server specifies a service option _dcimprovsrv._tcp that will resolve to an IP address.

• The DNS server specifies an IP address for a server with the known name

DCIMCredentialServer.

For more information on configuring DHCP and DNS, see Lifecycle

Controller Auto Discovery Network Setup Specification on the Dell Enterprise

Technology Center at www.delltechcenter.com/page/Lifecycle+Controller.

Auto-Discovery Configuration

Before enabling the Auto-Discovery feature, do the following:

1 Press <Ctrl><e> when prompted within 5 seconds during system start-up.

The iDRAC6 Configuration Utility page displays.

2 Enable NIC (for modular system only)

3 Enable DHCP.

4 Navigate to LAN Parameters.

5 Select Domain Name from DHCP.

6 Select On.

7 Select DNS Server from DHCP.

8 Select On.

9 Navigate to LAN user configuration.

10 Select Account Access.

Remote Service Features

LC1_3.book Page 69 Monday, December 7, 2009 3:14 PM

11 Select Disabled. This disables the default administrative account.

12 Save and exit iDRAC6 Configuration Utility.

13 Restart your system.

Enabling/Disabling Auto-Discovery

1 Press <Ctrl><e> when prompted within 5 seconds during system start-up.

The iDRAC6 Configuration Utility page displays.

2 Navigate to LAN User Configuration.

3 Select Auto-Discovery.

4 Select Enable to enable the Auto-Discovery feature. Select Disable to disable the Auto-Discovery feature

NOTE: Auto-Discovery feature will not run if any administrator accounts are enabled.

Auto-Discovery Workflow

This is the Auto-Discovery workflow once it is configured and enabled:

1 Plug in your new Dell system to your network

2 Plug-in the power cables to turn on the system.

3 iDRAC starts, acquires the Provisioning Server IP addresses/hostnames from DHCP/DNS and announces itself to the Provisioning Server.

4 The Provisioning Server validates and accepts the secure handshake session from the iDRAC.

5 The Provisioning Server provides custom user credentials with administrator privileges to iDRAC.

6 iDRAC receives and completes the secure handshake.

With enhancements to the Auto-Discovery process you can:

• Configure the provisioning server host address through the iDRAC

Configuration utility, USC, or using WinRM commands instead of using

DHCP or DNS.

• Remotely reinitiate Auto-Discovery in new environments.

• Upload custom client and server certificates using WS-MAN.

Remote Service Features 69

LC1_3.book Page 70 Monday, December 7, 2009 3:14 PM

70

Connecting Directly to Provisioning Server for Handshake

This feature allows you to directly connect to a specified Provisioning Server host for handshake and registration of the new server on the network. The provisioning server IP address or host name can be configured through the USC console, iDRAC6 configuration utility or preset at the factory.

Set Provisioning Server IP addresses/resolvable names

There are multiple options for setting the Provisioning Server IP address/hostname used for Auto-Discovery. You can set it through a Web services request using WS-MAN, through the USC console or through the iDRAC6 configuration utility.

Set Provisioning Server Using a WS-MAN Request

The Provisioning Server IP address property string is set by invoking the

SetAttribute() method on the DCIM_LCService class by issuing a Web services request using WS-MAN network management protocol. Command line examples of Microsoft WinRM and WSMANCLI SetAttribute() invocations are provided in the Lifecycle Controller 1.3 Interface Guide on the

Dell TechCenter wiki at www.delltechcenter/page/Lifecycle+Controller.

The following conditions apply to using a command to set the provisioning server IP address/hostname:

• Make sure to enable the Preserve Configuration option while resetting the iDRAC6 to defaults, issuing the racadm racresetcfg or updating the iDRAC6 firmware. If it is disabled, the provisioning server IP/hostname will be erased.

• The information will be used only during the next handshake process and will not be used for any handshakes in progress.

• The string can contain multiple IP addresses and/or hostnames with the following format:

• The string is a list of IP addresses and/or hostnames and ports separated by comma.

• Hostname can be fully qualified.

• IPv4 address – starts with ‘(‘ and ends with ‘)’ when specified at the same time with a hostname.

Remote Service Features

LC1_3.book Page 71 Monday, December 7, 2009 3:14 PM

• Each IP address or hostname can be optionally followed by a ‘:’ and a port number.

• Examples of valid strings are - hostname, hostname.domain.com

Setting Provisioning Server using the USC Console

1 Press <F10> System Services when prompted within 5 seconds during system start-up.

The Unified Server Configurator Lifecycle Controller Enabled page displays.

2 Navigate to Hardware Configuration -> Configuration Wizard ->

iDRAC6 Configuration.

3 Use the Next button to navigate to LAN User Configuration.

4 Navigate to Provisioning Server Addresses.

5 Enter the IP/hostname string of the Provisioning Server host.

6 Click Next and then click Apply.

7 Click Finish.

8 Click Exit and Reboot. Confirm exit.

Set Provisioning Server using iDRAC6 Configuration Utility

1 Press <Ctrl+e> when prompted within 5 seconds during system start-up.

2 The iDRAC6 Configuration Utility page displays.

3 Navigate to LAN User Configuration.

4 Select Provisioning Server.

5 Enter the IP/hostname string of the Provisioning Server host.

6 Click Enter.

7 Save and Exit the iDRAC6 Configuration Utility.

Remotely Reinitiating Auto-Discovery in New Environments

This feature allows you to reinitiate Auto-Discovery through WS-MAN, even though Auto-Discovery has taken place earlier. It can be used when you need to move a server from one data center to another. The Auto-Discovery settings will be persisted using the existing user credentials.

Remote Service Features 71

LC1_3.book Page 72 Monday, December 7, 2009 3:14 PM

72

When the server is powered on in the new data center, Auto-Discovery will run according to the settings, and will download the new user credentials for the new data center. This interface is supported using WS-MAN only, and the

WS-MAN requests require iDRAC administrator username password credentials or credentials for an iDRAC user with Execute Server Command privilege.

The supported WS-MAN interface to reinitiate Auto-Discovery includes these options:

• Whether the iDRAC will be reset to the factory default configuration equivalent to a server with being ordered with the Auto-Discover option.

Only true will be accepted as a value. This is a required input.

• Whether Auto-Discovery will run immediately or at the next iDRAC powercycle. This is a required input.

• Provisioning Server IP address/hostname. This is optional.

Regardless of the options you specify, the operations below will be performed by iDRAC as part of the next Auto-Discovery cycle:

• Enable NIC (modular servers)

• Enable IPv4

• DHCP enable

• Disable all administrator accounts

• Disable Active Directory

• Get DNS server address from DHCP

• Get DNS domain name from DHCP

The reinitiate interface and related interfaces are specified in the Dell

Lifecycle Controller Management Profile available at

www.delltechcenter.com/page/DCIM+Extensions+Library. Managed

Object Format (MOF) files for related class and method definitions are also available in the Dell TechCenter DCIM Extensions Library area. The interfaces are:

ReinitiateDHS(ProvisioningServer, ResetToFactoryDefaults,

PerformAutoDiscovery)

• ProvisioningServer: optional parameter to indicate the Provisioning Server information. This could be an IP address or a hostname.

Remote Service Features

LC1_3.book Page 73 Monday, December 7, 2009 3:14 PM

• ResetToFactoryDefaults: required parameter (TRUE or FALSE) to indicate whether the current configuration data needs to be deleted prior to the next cycle of Auto-Discovery. Only TRUE will be accepted; specifying FALSE will cause an error message indicating the parameter value is not supported. TRUE will reset iDRAC to the default values and then set iDRAC for Auto-Discovery. iDRAC will not be available until the

Auto-Discovery provisioning process is complete and the iDRAC receives the new credentials.

• PerformAutoDiscovery: required parameter to indicate when the next

Auto-Discovery cycle should be performed: immediately or at the next boot. Select Now to run the Auto-Discovery cycle immediately; select Next to run it the next time you boot your system.

SetAttribute(ProvisioningServer)

• ProvisioningServer: parameter to indicate the Provisioning Server IP address/host name.

• ClearProvisioningServer(): Method to clear the Provisioning Server property. No input parameters are required.

Using Custom Certificates

You can now transfer custom-defined certificates to the iDRAC6, and create a unique certificate based on the service tag of your system to ensure enhanced security. You can also have the factory preset the system with the certificate of your choice using the Custom Factory Install (CFI) process available from

Dell.

Creating Custom Client Certificates through WS-MAN

The DownloadClientCerts() method on the DCIM_LCService class can be called to cause a custom signed Auto-Discovery client encryption certificate to be generated. The method takes as input a Certificate Authority generated key certificate and related hash and password parameters. The key certificate provided is used to sign a certificate containing the system service tag as the Certificate Name(CN). The method returns a job ID that can be used to check the success of the download, generation, and installation of the

Auto-Discovery client private certificate. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3

Web Services Interface Guide.

Remote Service Features 73

LC1_3.book Page 74 Monday, December 7, 2009 3:14 PM

74

Providing Custom Server Certificates using WS-MAN

The DownloadServerPublicKey() method on the DCIM_LCService class can be called to transfer a Provisioning Server public key certificate. The

Provisioning Server public key can be used as part of strict mutual authentication between the Auto-Discovery client and the provisioning server. The method takes as input a Provisioning Server public key certificate and related hash and hash type parameters. The method returns a job ID that can be used to check the success of the processing and installation of the

Provisioning Server public key. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3 Web Services

Interface Guide. DCIM Profile specification and related MOF files are available at Dell TechCenter wiki in the DCIM Extension Library area

(www.DellTechCenter.com).

Remote Firmware Inventory

Remote firmware inventory enables a WS-MAN client to use the Web services interface provided by iDRAC to instantly retrieve the firmware and embedded software inventory of the system. The inventory, however, does not retrieve hardware-related information, such as slot number or hardware settings.

The firmware inventory feature will return an inventory of the installed firmware on devices on the system and the inventory of available

BIOS/firmware on the iDRAC6 express card Lifecycle Controller. It also returns the inventory of both the currently installed version of BIOS

/Firmware on the iDRAC6 Express card and the versions available for rollback

(N and N-1 versions) that can be installed using the remote update Web services interface.

Instant Firmware Inventory

Instant firmware inventory allows you to run an inventory independent of whether the system is turned on or off. Traditionally, the system firmware inventory was performed by downloading an inventory collector onto the operating system, executing it locally, and then gathering the results. Instant firmware inventory allows you to inventory the host platform remotely from a

WS-MAN client, even if the host is not running an operating system. iDRAC user credentials used for the WS-MAN request authentication requires

Execute Server Command privileges to request firmware and embedded

Remote Service Features

LC1_3.book Page 75 Monday, December 7, 2009 3:14 PM software inventory; it is not restricted to administrators. You can get a list of firmware for devices that are installed, and also the firmware that is available for rollback and reinstallation.

Supported Devices

Remote instant firmware inventory is supported on these devices:

• iDRAC6

• Storage controllers (RAID Series 6 and 7)

• NICs and LOMs (Broadcom)

• Power supplies

• BIOS

• Driver Pack

• USC

• Diagnostics

The instant firmware inventory class provides firmware inventory information on:

• The firmware installed in the supported devices

• The firmware versions available for installation for each device

Workflow

The DCIM_SoftwareInventory profile defines the Dell CIM data model extensions that represent installed and available to be installed versions of firmware and embedded software on the server. The firmware inventory can be accessed using the WS-MAN web services protocol.

This is the typical workflow for a request for firmware inventory using

Windows WinRM:

1 Request inventory of the system using the WinRM enumeration command for class DCIM_SoftwareIdentity.

2 Inventory instances are pulled up from the system in both system-off and system-on conditions.

3 Users that have administrator or Execute Server Command privileges can retrieve the firmware and embedded software inventory of the system.

Remote Service Features 75

LC1_3.book Page 76 Monday, December 7, 2009 3:14 PM

76

4 The enumeration request will generate a WinRM error when the UEFI system services are set to Disabled.

5 Requested inventories are collected as "Installed" and "Available" CIM instances.

6 The software currently installed on the component is listed as the

"Installed Software Instance". The key property value of this instance,

InstanceID represented as DCIM: INSTALLED :<

COMPONENTTYPE> :< COMPONENTID> :< Version> and the status value of this instance is represented as "Installed"

7 The available software in the persistent storage is listed as the Available

Software Instance. The key property value of the instance, InstanceID represented as DCIM: AVAILABLE :< COMPONENTTYPE> :<

COMPONENTID> :< Version> and the status value of this instance is represented as “Available”. Current installed software instances are also represented as available software instances.

8 Inventory instances provide input values for the update and rollback operations. To perform the update operation, pick the InstanceID value from the Installed Instance, DCIM: INSTALLED :< comptype> :< compid> :< version>. For the rollback operation pick the InstanceID

Value from the Available instance,

DCIM:AVAILABLE:<comptype>:<compid>:<version>. You will not be able to edit InstanceID values.

9 If the "version string" property value of "Available Software Instance" is equal to the "Installed Software Instance," then the InstanceID value of that Available Software Instance should not be used for the rollback operation.

10 If Unified Server Configurator (USC) is being run on the system during the inventory operation, only "Installed Instances" will be returned.

Important

• There may be DCIM_SoftwareIdentity instances for hardware that was previously installed and then removed still listed in the inventory as

"available."

• When you perform an inventory of updates using remote enablement while the system is booted to USC, the inventory may not be complete.

Some components could be missing from the list.

Remote Service Features

LC1_3.book Page 77 Monday, December 7, 2009 3:14 PM

Remote Update

Remote update, also known as out-of-band update or operating systemindependent platform update, allows you to update the system independent of the state of the operating system or the power on/off state.

Benefits of Remote Update

With Operating System independent platform update, an operating system need not be running on the system. Multiple updates can be scheduled together along with a graceful or power-cycle reboot into USC to perform the updates. Although the updates may involve intermediate BIOS restarts,

Lifecycle Controller will automatically handle them until the updates are complete.

This feature supports two methods to perform updates:

• Install from Uniform Resource Identifier (URI): This method allows a

WS-MAN request to install or update software on a host platform using a

URI. The URI consists of a string of characters used to identify or name a resource on the network. The URI is used to specify the location of the

Dell Update Package image on the network that can be downloaded to the

Lifecycle Controller and then installed.

• Install from Software Identity: This method allows update or rollback to a version that is already available on the Lifecycle Controller.

You can use a WS-MAN capable application, script or command line utility to perform a remote update. The application or script performs WS-MAN invoke method request using one of the remote update interface methods.

The iDRAC then downloads the firmware from the network share (local network share, CIFS, NFS, FTP, TFTP, http, https) URI and stages the updates to be performed at the specified time and utilizing the specified graceful, power cycle or none system reboot types.

Important

• When you perform a remote update on the Driver Pack for the system it will replace the current driver pack. The replaced driver pack will no longer be available.

Remote Service Features 77

LC1_3.book Page 78 Monday, December 7, 2009 3:14 PM

• If you have NIC cards of different families on your system, different tasks will be displayed for each NIC card family. For example, if the LOMS and the add-in NIC card are both 5709, you will see two tasks. If you have 5709

LOMS and 5710 add-in NIC card, four tasks will be displayed.

Supported Devices

Remote Update is supported on the following devices:

• iDRAC6

• RAID Series 6 and 7

• NICs and LOMs (Broadcom)

• Power supplies

• BIOS

• Driver Pack

• USC

• Diagnostics

Workflow for Remote Update from URI

1 Use the appropriate WS-MAN client to send a method invocation request to the iDRAC IP address. The WS-MAN command includes the

UpdateFromURI() method on the DCIM_SoftwareInstallationService, and the location from where iDRAC should download the Dell Update

Package (DUP). The download protocols that are supported are FTP,

HTTP, CIFS, NFS and TFTP.

2 When the WS-MAN command is invoked successfully, a Job ID will be returned back.

3 Additional UpdateFromURI() method invocation requests can be sent using WS-MAN to create other update jobs.

4 A reboot job can be created by invoking the CreateRebootJob() method on the DCIM_SoftwareInstallationService and specifying the desired reboot type. The reboot type can be graceful, power cycle or graceful with power cycle after 10 minutes.

78 Remote Service Features

LC1_3.book Page 79 Monday, December 7, 2009 3:14 PM

5 Using the update and reboot Job IDs, you can use the DCIM_JobService profile to schedule these jobs to run immediately or at future date and time. You can also use the Job ID to query the status of a job or to cancel a job.

6 All jobs will be marked successful or, if an error occurred during downloading or updating, failed. For failed jobs, the error message and error message ID for the failure are available in the job information.

Important

• After successfully downloading the DUP and extracting it, the downloader will update the status of the job as "Downloaded" and the job can then be scheduled. If the signature is invalid or if download/extraction fails then the Job status is set to "Failed" with an appropriate error code.

• Updated firmware can be viewed by requesting firmware inventory after firmware update jobs have completed.

Scheduling Remote Update

The remote update scheduling capability provides the ability to schedule or stage firmware updates now or in the future. Updates for Diagnostics and

USC can be performed directly and do not require any staging. These updates will be applied as soon as they are downloaded and do not need the Job

Scheduler. All other remote updates are staged updates, and require scheduling, using different scheduling options. The DUPs are downloaded to the Lifecycle Controller and staged, and the actual update is performed by rebooting the system into UEFI System Services.

There are multiple options for scheduling updates:

• Run updates on the desired components at a desired time.

• Run the reboot command to get a reboot job ID.

• Check on the status of any of the jobs by enumerating

DCIM_SoftUpdateConcreteJob instances and checking the JobStatus property value.

• Schedule the job using the SetupJobQueue() method on the

DCIM_JobService.

• Delete existing jobs using the DeleteJobQueue() method on the

DCIM_JobService.

Remote Service Features 79

LC1_3.book Page 80 Monday, December 7, 2009 3:14 PM

Important

USC, Diagnostics and Driver Pack updates cannot be rolled back.

Rolling Back to Previous Versions

Use the InstallFromSoftwareIdentity() method to reinstall from previous versions of firmware for a component that are stored in the Lifecycle

Controller. Instead of downloading the DUP, the

InstallFromSoftwareIdentity() creates a job and returns the job ID.

Remote Scheduling Types

Immediate Update

To immediately update component firmware, schedule the update and reboot jobs with start time as TIME_NOW. Scheduling a reboot or update is not required for updates to the Lifecycle controller partitions (USC, Diagnostics).

The updates are immediate for these partitions.

Scheduled Update

Specifying a scheduled start time for one or more jobs using the

SetupJobQueue() method involves specifying a datetime value for the

StartTimeInterval parameter. Optionally, a datetime value can be also be specified for the UntilTime parameter.

Specifying an UntilTime defines a maintenance window to run the updates within a time-bound slot. If the time window expires and the updates have not completed, any update jobs that are currently running will complete, but any unprocessed jobs whose scheduled start time has begun will be failed.

Setting the Scheduling Reboot Behavior

The DCIM_SoftwareInstallationService.CreateRebootJob() method takes one of the following reboot types as an input parameter and a reboot job ID is returned as an output parameter. The reboot Job ID is used as the first Job ID in the JobArray parameter of the DCIM_JobService.SetupJobQueue() method along with other update Job IDs.

80 Remote Service Features

LC1_3.book Page 81 Monday, December 7, 2009 3:14 PM

• Reboot 1 - Power cycle - Performs the iDRAC PowerCycle that will power down the system and power it back up. This is not a graceful reboot. The system will power off the system without sending a shutdown request to an operating system running on the system. Only reboot type 1 will power on the system if the system is in an Off state, but A/C power is still applied.

• Reboot 2 - Graceful reboot without forced shutdown - Performs the iDRAC Graceful Shutdown command and if the system is powered off within the PowerCycle Wait Time, it powers the system back up and marks the reboot job as Reboot Completed. If the system is not powered off within the PowerCycle WaitTime, the reboot job is marked as failed.

• Reboot 3 - Graceful reboot with forced shutdown - Performs the iDRAC

Graceful Shutdown command and if the system is powered off within the

PowerCycle Wait Time, it powers the system back up and marks the reboot job as Reboot Completed. If the system is not powered off within the

PowerCycle WaitTime, the system is Power Cycled.

Remote Operating System Deployment

The remote operating system deployment capabilities enable deployment of an operating system remotely using WS-MAN web services protocols and

CIFS and NFS network file sharing protocols.

Remote Operating System Deployment Main Features

These are the main capabilities of remote operating system deployment:

• Remote activation of local exposure of embedded drivers as a USB device

• Remote acquisition of embedded drivers per selected operating system.

• Boot to an ISO image located on a network share.

• Download an boot to ISO image to vFlash.

Remote Operating System Deployment Interface

Dell Operating System Deployment web services interface provides the capability to support operating system deployment activities by manipulating operating system deployment features provided by the iDRAC service processor.

Detailed interface specifications and class definition (.mof) files can be found at the Lifecycle Controller area on the Dell Enterprise Technology Center at

Remote Service Features 81

LC1_3.book Page 82 Monday, December 7, 2009 3:14 PM

www.delltechcenter.com. Using CIM and Dell extension classes using the web services protocols WS-MAN, Dell Operating System Deployment feature provides the following capabilities:

• Get the embedded driver pack (a package of all supported operating system drivers for all supported operating systems for the platform) version:

Remote management consoles, applications, and scripts request driver pack version and list of supported operating systems from iDRAC through

WS-MAN.

The GetDriverPackInfo() method on the DCIM_OSDeploymentService class returns the embedded driver pack version and the list of operating systems supported by the driver pack.

• After determining which operating system the drivers are needed for, one of the following methods can be invoked through WS-MAN to unpack the appropriate drivers and expose them locally or acquire them remotely.

a The UnpackAndAttach() method on the

DCIM_OSDeploymentService class extracts the drivers for the requested operating system and places them on an internal USB device labeled OEMDRV. The OEMDRV appears as a locally attached USB device to the system. The method takes the operating system name and an expose duration time as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and attach activity.

b The UnpackAndShare() method on the DCIM_OSDeploymentService class extracts the drivers for the requested operating system and copies them to a network share. The method takes the operating system name and network share information as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and share activity. Network share information includes the IP address of the share, the share name, share type, and username, password and workgroup data for secure shares.

82 Remote Service Features

LC1_3.book Page 83 Monday, December 7, 2009 3:14 PM

Important

• The drivers unpacked and attached are removed after the time specified in ExposeDuration parameter or if no time is specified in the method invocation then by default the OEMDRV USB device will be removed after 18 hours.

• Ensure that ISO images attached during the process are detached before you use system services.

• When installing Red Hat Linux 5.3 using remote enablement commands, the installation will fail whenever there is an OEM drive

(for driver source) attached. To avoid failure, do not attach the OEM drive when using remote enablement commands to install Red Hat

Enterprise Linux 5.3.

• The following methods can be used to boot the system from an ISO image on a network share or to initiate PXE boot mechanisms: a b

The BootToNetworkISO() method on the

DCIM_OSDeploymentService class will boot the system using an

ISO image that has been made available on a CIFS or NFS network share.

The method takes the ISO image name, network share information, and exposure duration as input parameters and returns a job identification that can be subsequently checked for the status of the unpack and share activity. Network share information includes the IP address of the share, the share name, share type, and username, password and workgroup data for secure shares. For additional security a hash value can be calculated using well known hash algorithms and this value along with the type of the hash used can be provided as input parameters.

The BootToPXE() method on the DCIM_OSDeploymentService class initiates a Pre-Boot Execution Environment (PXE) boot of the system. The method requires no input parameters.

Important

• The drivers unpacked and attached are removed after the time specified in ExposeDuration parameter. If no time is specified in the method invocation, then by default the OEMDRV USB device will be removed after 18 hours.

• Ensure that ISO images attached during the process are detached before you use system services.

Remote Service Features 83

LC1_3.book Page 84 Monday, December 7, 2009 3:14 PM

84

• The following methods are used to directly detach the local OEMDRV device or the network ISO image. These can be used before the previously set exposure durations time out: a The DetachDrivers() method on the DCIM_OSDeploymentService class detaches and removes the OEMDRV device that had been previously attached by an invocation of the UnpackAndAttach() method. b The DetachISOImage() method on the

DCIM_OSDeploymentService class detaches and removes the network share based ISO image that had been previously attached by an invocation of the BootToNetworkISO() method.

• Several methods described in this document return job identifiers as output parameters. The jobs provide a means of keeping track of a requested action that cannot be performed immediately and, because of underlying technology constraints, will take longer than standard web service request response timeouts. The returned job identifier can subsequently be used in WS-MAN Enumerate or Get requests to retrieve job object instances. Job object instances contain a job status property that can be checked to see what state the job is in and whether it completed successfully or encountered a problem and failed. If a job failure occurs, the job instance also contains an error message property that provides detailed information on the nature of the failure. Other properties contain other error identification information that can be used to localize the error message to the supported languages and get more detailed error descriptions and recommended response action descriptions.

• The GetHostMACInfo() method on the DCIM_OSDeploymentService class returns an array of physical network port MAC addresses representing all the LAN on Motherboard (LOM) ports in the system. The method requires no input parameters.

• All the DCIM_OSDeploymentService methods described in this document return error codes indicating whether the method successfully executed, an error occurred, or a job was created. Job creation occurs if the action being performed in the method cannot be completed immediately.

Additionally, if an error occurs, the methods will also return output parameters that include an error message (in English) and other error identifiers that can be used to localize the error to languages supported by the USC. The other error identifiers can be used to index into and process

Remote Service Features

LC1_3.book Page 85 Monday, December 7, 2009 3:14 PM

Dell Message Registry XML files. The Dell Message Registry files are available in the six supported languages, one file per language. In addition to translated error messages, the Message Registry files contain additional detailed error descriptions and recommended response actions for each error returned by the Lifecycle Controller Remote Services web service interface.

Operating System Deployment Typical Use Case Scenario

This section contains a typical scenario for deploying an operating system remotely.

Prerequisites and Dependencies

The following are the prerequisites and dependencies for deploying the operating system remotely:

• Boot disk is available to install operating system, or the operating system

ISO image on the network share.

• It is recommended that the latest driver pack is installed and available in

USC-LCE.

• Provisioning console, application or appropriate scripts that are capable of sending WS-MAN Web services requests and method invocations.

Workflow

The following is a typical workflow for remote operating system deployment:

• Create the custom pre-operating system/operating system image and share it on the network, or create the required operating system media ISO image.

• Get the list of supported operating system and driver pack version information.

• Stage the operating system drivers by unpacking and attaching drivers for operating system deployment. These drivers will be installed during the operating system deployment process.

• Remotely boot to the custom pre-operating system/operating system image to initiate the operating system deployment process.

• Run detach commands to detach the ISO media and driver device.

Remote Service Features 85

LC1_3.book Page 86 Monday, December 7, 2009 3:14 PM

86

For more information on the Lifecycle Controller Remote Operating Systems

Deployment feature including the Lifecycle Controller 1.3 Web Services

Interface Guideline, white papers, the Dell OS Deployment Profile data model specification, class definition (.mof) files, sample code and scripts, see the Lifecycle Controller area on the Dell Enterprise Technology Center at

www.delltechcenter.com.

Staging and Booting to Operating System Image on vFlash

This feature allows you to download an ISO image to the vFlash SD Card on the target system and booting the system to this ISO image.

Prerequisite

This feature is available only if you have Dell-licensed vFlash present on your system.

WS-MAN Methods

Important

• If the supported SD card is installed and not formatted, executing the download ISO command will first format the SD card and then download to ISO image.

• If you try to download an ISO image larger than the available space on the vFlash of your system using the TFTP protocol, the task will fail, but will not be reported through an error message. Subsequent commands that try to access this ISO will fail.

The new WS-MAN methods added to the operating system deployment profile for vFlash are:

• DownloadISOToVFlash - Downloads the image to the vFlash. Support is available for CIFS, TFTP and NFS.

• BootToISOFromVFlash - Boots to the ISO image that has been staged on the vFlash. You cannot perform this action if you are using the iDRAC

GUI or RACADM commands to communicate with the vFlash. This command will also reboot or power on your system if it is in an Off state once executed.

• DetachISOFromVFlash - Detaches the partition so that the console cannot access it anymore.

Remote Service Features

LC1_3.book Page 87 Monday, December 7, 2009 3:14 PM

• DeleteISOFromVFlash - Deletes the ISO image from the vFlash partition. It provides the capability to download an ISO image to the vFlash and then boot from it, allowing you to download custom install images to run from. This command will execute only if the ISO is detached.

You will need to perform the following steps to complete the process:

1 Download the ISO image to the vFlash.

2 Get the concrete job ID and poll for the completion of this job.

3 Run the BootToISOFromVFlash command. This will attach the image as a CD ROM, boot to the attached image and then continue with the operating system installation.

4 Detach the partition on the vFlash.

5 Delete the ISO image from the partition.

Part Replacement

Part Replacement provides the automated change of firmware of a newly replaced component, such as a PowerEdge™ RAID controller, NIC or power supply, to match that of the original part. This feature is disabled by default and may be enabled if required. It is a licensed feature and requires the Dell vFlash SD card. When a component is replaced and the Part Replacement feature is enabled, the actions taken by the Lifecycle Controller are displayed locally on the system monitor.

The presence of the vFlash SD Card and configuration of Part Replacement related properties can be accomplished remotely through the Web services interface using the WS-MAN protocol. For examples of command line invocations using WinRM and WSMANCLI see the Lifecycle Controller 1.3

Web Services Interface Guide. DCIM Profile specification and related MOF files are available at Dell TechCenter wiki in the DCIM Extension Library area (www.DellTechCenter.com).

Important

Part replacement is supported on modular systems with the following

Broadcom devices:

• Broadcom NetXExtreme II 5709 Quad Port Ethernet Mezzanine Card for

M-Series

Remote Service Features 87

LC1_3.book Page 88 Monday, December 7, 2009 3:14 PM

88

• Broadcom NetXtreme II 57711 Dual Port 10 Gb Ethernet Mezzanine Card with TOE and iSCSI Offload for M-Series

• Broadcom 57710 10 Gb Ethernet card

Validating vFlash presence Using WS-MAN

To ensure that the system is equipped with a Dell-licensed vFlash card follow these steps:

1 Using an application, script or command line shell that can process WS-

MAN based web services requests, send a get instance request for the

DCIM_LCEnumeration class instance with the InstanceID of

"DCIM_LCEnumeration:CCR1".

2 If the vFlash is present, the output will have the following attribute values:

• AttributeName = Licensed

• CurrentValue = Yes

3 If the vFlash is not present on the system, or if it is not Dell-licensed, the output will have the following attribute values:

• AttributeName = Licensed

• CurrentValue = No

Using WS-MAN to get/set Part Firmware Update Attributes

To get the current Part Firmware Update and Collect System Inventory On

Restart property values using WS-MAN, an enumerate command request may be sent to get instances of the class DCIM_LCEnumeration. An instance object representing each attribute is returned per attribute where the

AttributeName string property on the object will contain the name of the Part

Replacement related property, such as Part Firmware Update. The

CurrentValue property will contain the current setting of the property.

See the Dell Lifecycle Controller Management Profile specification for specific attribute names and values.

To configure a Part Replacement related property value, set and apply actions are requested using the WS-MAN Web services protocol.

The set action is performed by invoking the SetAttribute() method on the

DCIM_LCService class. The SetAttribute() method takes as input parameters the property names and values. The possible values of the Part

Firmware Update are:

Remote Service Features

LC1_3.book Page 89 Monday, December 7, 2009 3:14 PM

• Allow version upgrade only - If the input for the CurrentValue is Allow

version upgrade only, firmware update on replaced parts will be performed if the firmware version of the new part is lower than the original part.

• Match firmware of replaced part - If the input for the CurrentValue is

Match firmware of replaced part, firmware on the new part will be updated to the version of the original part.

• Disable - If the input is Disable, the firmware upgrade actions will not occur.

The apply action is performed by invoking the CreateConfigJob() method on the DCIM_LCService class. The CreateConfigJob() method takes as parameters the scheduled start time (which can be TIME_NOW) and a reboot if required flag. A job ID is returned as a parameter and can be used to check on the job completion status.

To check job completion status, enumerate instances of the

DCIM_LifecycleJob class and check for the instance where the

InstanceID = job ID returned by the CreateConfigJob() method. The

JobStatus property on the job instance will indicate the job is completed when the part replacement properties have been set.

Remote Service Features 89

LC1_3.book Page 90 Monday, December 7, 2009 3:14 PM

90 Remote Service Features