Dell

Prerequisites

  • iDRAC integration is enabled using the Redfish API. Redfish API is enabled by default in most iDRAC9 and iDRAC10 firmware versions. However, if it is disabled or access is restricted, enable it via the iDRAC GUI , navigate to:iDRAC Settings > Services > Redfish.
  • The onboarding user for iDRAC must have the Operator role assigned.
  • Verify that the target server’s FQDN or IP Address is reachable from the cloud connector.

Onboarding Dell

  1. Go to (Menu) > CLM > ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
  3. Click the (Add) icon.
  4. Select Dell logo from the Vendors list.
  5. In the Server Details section, enter details as mentioned below.
    Table 1. Server Details - Field Description Table
    Fields Description
    *Server Type Select Server type has default value iDRAC (Integrated Dell Remote Access Controller).
    *Server name Enter the name of the designated Dell iDRAC server.
    *IP address/ FQDN Enter the IP address, Short name or the fully qualified domain name (FQDN) of the server that is to be onboarded.
    Example:
    • IP Address: 127.0.0.1
    • Short name: server01
    • FQDN: server01.example.com
    Note: The Short name must be resolvable to its corresponding FQDN.
    HTTPS Port Use the HTTPS Port enabled in the iDRAC webserver setting.
    Note: Default value is 443.
    Data center Choose the desired data center.
    Onboarding Group Select the onboarding group to assign the device.
    Note: Devices without an assigned group are automatically mapped to the Default group during migration, onboarding, and when edited without existing group mappings.
    Proxy required To enable communication through proxy servers select the checkbox.
    Note: By default, the checkbox is not selected.
    Cert sync Choose from any of the following:
    • Managed - AppViewX performs the config fetch operations and the certificates are discovered and managed in the inventory. CLM actions (push & bind, rollback etc.) can be performed on them.
    • Monitored - AppViewX performs the config fetch operations and the certificates are downloaded in the inventory in the read-only state. CLM actions cannot be performed on them.
    • Ignored - AppViewX only performs the config fetch operations for the devices. There is no certificate discovery performed.
    *: Mandatory fields
  6. In the Credentials section, select/enter the details as follows.
    Table 2. Credentials - Field Description Table
    Fields Description
    *Credential Type Select the credential type from the dropdown.
    • Manual entry (default)
    • Credential List - xyz (All the configured external vaults.)
    *Username This filed is displayed only if the Credential Type = Manual.

    Enter the designated username for authentication.

    *Password This filed is displayed only if the Credential Type = Manual.

    Enter the secure password.
    *Credentials list When Credential list - xyz is selected as the credential type, the Credentials List dropdown appears. Select the desired preconfigured credential list from the available options.
    *: Mandatory fields
  7. Click Save.
    The Dell iDRAC device is onboarded successfully.

Enroll Certificate

Prerequisites and Validation Rules for Endpoint CSR generation:

The following fields are mandatory and must be validated:

  • Common Name
  • Organization
  • City
  • State
  • Country
  • Organizational Unit
Note: All the above fields are required. Missing any field will result in a validation error with a user-friendly message.
Validation Rules
  • All the above fields are required. Missing any field should result in a validation error with a user-friendly message.
  • Alternative Names:
    • Valid DNS entries.
    • Can only include letters, numbers, and dots (.), and must not contain spaces, underscores (_), or other special characters.
  • Common Name, Organization, City, State, and Country must:
    • Only letters, numbers, dots (.), spaces, and underscores (_) are allowed.
    • Other special characters are not permitted.
  • Key Type and Size Constraints (iDRAC-specific):
    • iDRAC primarily supports the RSA key type.
    • DSA and Elliptic Curve (EC) key type is not supported
    • By default, iDRAC uses RSA 2048-bit keys with SHA-256 for cryptographic operations.

Discovery Certificate

AppViewX discovers the certificate from the iDRAC SSL/TLS settings and creates the following profiles.
  • {deviceName}:@adminPortal
  • {deviceName}:@adminPortal:@customSigningCertificate
Note: Private keys cannot be exported.

Push Certificate

  • Use {deviceName}:@adminPortal profile will be used to push both SSL/TLS Certificate Signing Request and SSL/TLS Custom Certificate
  • Use the {deviceName}:@adminPortal:@customSigningCertificate profile to push only the custom signing certificate. Once pushed, iDRAC will generate a self-signed certificate that is signed using the provided custom signing certificate
  • After the certificate is pushed, iDRAC automatically performs a reset. During this process, iDRAC may be temporarily unavailable for a few minutes.
    Note: The existing certificate remains active until the reset is completed.

Validating the Device

After the device is onboarded successfully, follow the steps to validate the device communication with AppViewX:
  1. Go to ADMINISTRATION > Device Management.
    By default, the ADC tab opens.
  2. Click the Server tab.
    The Server Inventory page is displayed.
  3. Check that the device name appears in the inventory (Name column) with the specified CertSync status (Status Column).
    The status column will have the value Managed/Monitored/Ignored based on the CertSync status if the connection is successful or displays Failed/Unresolved in case of failure.
  4. From the Status column, click the Managed/Monitored.
    Device Status Log pop-up is displayed.
  5. Expand each value in the pop-up to know the Device communication, Device Version, Instance Information, and Certificate Discovery From Device.

What's Next

Once you have onboarded and validated the device connection, you are ready to proceed with the any of the following certificate actions: