Posts Tagged ‘remote management’

Configuring Dell Server BIOS Remotely Using WSMAN and WinRM.

I have the pleasure of configuring some Dell kit without the use of a pre-execution environment. This presents quite a challenge as many of the management tools are designed to run within such an environment or an installed operating system which means that my options for configuring these servers is somewhat limited. Thankfully for most of the critical stuff Dell’s RACADM tool is more than capable of managing the server remotely however it unfortunately doesn’t have any access to the system BIOS where some critical changes need to be made. Thus I was in need of finding a solution to this problem and it seems that my saviour comes in the form of a protocol called Web Services Management (WSMAN).

WSMAN is an open protocol for server management which provides a rather feature rich interface to your hardware for getting, setting and enumerating the various features and settings on your hardware. Of course since it’s so powerful it’s also rather complex in nature and you won’t really be able to stumble your way through it without the help of a vendor specific guide. For Dell servers the appropriate guide is the Lifecycle Controller Web Services Interface Guide (there’s an equivalent available for Linux) which gives you a breakdown of the commands that are available and what they can accomplish.

They’re not fully documented however so I thought I’d show you a couple commands I’ve used in order to configure some BIOS settings on one of the M910 blades I’m currently working on. The first requirement was to disable all the on board NICs as we want to use the Qlogic QME8262-k 10GB NICs instead. In order to do this however we first need to get some information out of the WSMAN interface in order to know which variables to change. The first command you’ll want to run is the following:

winrm e http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSEnumeration -u:root -p:calvin -r:https://[iDRACIP]/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic

Which will give you a whole bunch of output along these lines:

DCIM_BIOSEnumeration
    AttributeName = EmbNic1Nic2
    Caption
    CurrentValue = Enabled
    DefaultValue
    Description
    ElementName
    FQDD = BIOS.Setup.1-1
    InstanceID = BIOS.Setup.1-1:EmbNic1Nic2
    IsOrderedList
    IsReadOnly = FALSE
    PendingValue
    PossibleValues = Disabled, Enabled

DCIM_BIOSEnumeration
    AttributeName = EmbNic1
    Caption
    CurrentValue = EnabledPxe
    DefaultValue
    Description
    ElementName
    FQDD = BIOS.Setup.1-1
    InstanceID = BIOS.Setup.1-1:EmbNic1
    IsOrderedList
    IsReadOnly = FALSE
    PendingValue
    PossibleValues = Disabled, EnablediScsi, EnabledPxe, Enabled

Of note in the output are the AttributeName and PossibleValues variables. In essence these represent the current and possible states of the BIOS variables and all of them can be modified through the appropriate WSMAN command. The Dell guide I referenced earlier though doesn’t exactly tell you how to do this and the only example that appears to be close is one for modifying the BIOS boot mode setting. However as it turns out this same command can be used to modify any variable that is output by the previous command so long as you create the appropriate XML file. Shown below is the command and XML file to disable the first 2 embedded NICs:

Code:
winrm i SetAttribute http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSService?SystemCreationClassName=DCIM_ComputerSystem+CreationClassName=DCIM_BIOSService+SystemName=DCIM:ComputerSystem+Name=DCIM:BIOSService -u:root -p:calvin -r:https://[iDRACIP]/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -file:SetAttribute_BIOS.xml

SetAttribute_BIOS.xml:
<p:SetAttribute_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSService">
<p:Target>BIOS.Setup.1-1</p:Target>
<p:AttributeName>EmbNic3Nic4</p:AttributeName>
<p:AttributeValue>Disabled</p:AttributeValue>
</p:SetAttribute_INPUT>

This appears to work quite well for individual attributes but I’ve encountered errors when trying to set more than one BIOS variable at a time. This could easily be due to me fat fingering the input file (I didn’t really check it before troubleshooting it further) but it could also be a limitation of the WSMAN implementation on the Dell servers. Either way once you’ve run that command you’ll notice the response from the server states that the values are pending and the server requires a reboot. Now I’m not 100% sure if you can get away with just rebooting it through the iDRAC or physically rebooting it but there is a WSMAN command which I can guarantee will apply the setting whilst also rebooting the server for you. Again this one relies on an XML file for it to succeed:

Code:
winrm i CreateTargetedConfigJob http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSService?SystemCreationClassName=DCIM_ComputerSystem+CreationClassName=DCIM_BIOSService+SystemName=DCIM:ComputerSystem+Name=DCIM:BIOSService -u:root -p:calvin -r:https://[iDRACIP]/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -file:CreateTargetedConfigJob_BIOS.xml

CreateTargetedConfigJob_BIOS.xml:
<p:CreateTargetedConfigJob_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSService">
<p:Target>BIOS.Setup.1-1</p:Target>
<p:RebootJobType>2</p:RebootJobType>
<p:ScheduledStartTime>TIME_NOW</p:ScheduledStartTime>
<p:UntilTime>20131111111111</p:UntilTime>
</p:CreateTargetedConfigJob_INPUT>

Upon executing this command the server will reboot and then load into the Lifecycle Controller where it will apply the desired settings. After which it will reboot again and you’ll be able to view the settings inside the BIOS proper. It appears that this command can be used for any variable that appears within the initial BIOS enumeration so using this it is quite possible to fully configure the BIOS remotely. You can also access quite a lot of things within the iDRAC itself however I’ve found that RACADM is a much easier way to go about this, especially if you simply dump the entire config, edit it, then reupload it. Still the option is there if you want to use the single tool but unless you’re something of a masochist I wouldn’t recommend doing everything through WSMAN.

All that being said however the WSMAN API appears to cover pretty much everything in the server so if you need to do something remotely to it (hardware wise) and you don’t have the luxury of a PXE or installed operating system then it’s definitely something to look into. Hopefully the above commands will get you started and then the rest of the Dell integration guide will make a little more sense. If you’ve got any questions about a particular command hit me up in the comments, on Twitter or on my Facebook fan page and I’ll help you out as much as I can.
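A pre-flight check for the SetAttribute step, added here as an example and not taken from the original post or from Dell's guide: it parses saved DCIM_BIOSEnumeration output, refuses an attribute or value the controller did not list as writable, and only then builds the input XML. The function names and the trimmed sample text are constructed for illustration.

```powershell
# Constructed sample: two records in the layout winrm prints for DCIM_BIOSEnumeration.
$sample = @'
DCIM_BIOSEnumeration
    AttributeName = EmbNic1Nic2
    FQDD = BIOS.Setup.1-1
    IsReadOnly = FALSE
    PossibleValues = Disabled, Enabled

DCIM_BIOSEnumeration
    AttributeName = EmbNic1
    FQDD = BIOS.Setup.1-1
    IsReadOnly = FALSE
    PossibleValues = Disabled, EnablediScsi, EnabledPxe, Enabled
'@

function ConvertFrom-BiosEnumeration([string]$Text) {
    # A class-name line starts a record; indented "Key = Value" lines fill it.
    $records = @(); $cur = $null
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^DCIM_BIOSEnumeration\s*$') {
            if ($null -ne $cur) { $records += [pscustomobject]$cur }
            $cur = [ordered]@{}
        } elseif ($null -ne $cur -and $line -match '^\s+(\w+)\s*=\s*(.*?)\s*$') {
            $cur[$Matches[1]] = $Matches[2]
        }
    }
    if ($null -ne $cur) { $records += [pscustomobject]$cur }
    return $records
}

function New-SetAttributeXml($Records, [string]$Name, [string]$Value) {
    # Refuse anything the controller did not advertise as a writable attribute/value pair.
    $r = @($Records | Where-Object { $_.AttributeName -eq $Name })
    if ($r.Count -ne 1) { throw "Attribute '$Name' not found exactly once in enumeration" }
    if ($r[0].IsReadOnly -ne 'FALSE') { throw "Attribute '$Name' is not marked writable" }
    $allowed = $r[0].PossibleValues -split '\s*,\s*'
    if ($allowed -cnotcontains $Value) { throw "'$Value' is not one of: $($allowed -join ', ')" }
    $ns  = 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_BIOSService'
    $esc = [System.Security.SecurityElement]   # Escape() XML-encodes text nodes
    return @(
        "<p:SetAttribute_INPUT xmlns:p=`"$ns`">"
        "<p:Target>$($esc::Escape($r[0].FQDD))</p:Target>"
        "<p:AttributeName>$($esc::Escape($r[0].AttributeName))</p:AttributeName>"
        "<p:AttributeValue>$($esc::Escape($Value))</p:AttributeValue>"
        '</p:SetAttribute_INPUT>'
    ) -join "`r`n"
}

$records = ConvertFrom-BiosEnumeration $sample
New-SetAttributeXml $records 'EmbNic1Nic2' 'Disabled'      # prints the input file body
try { New-SetAttributeXml $records 'EmbNic1' 'On' } catch { "Rejected: $_" }
```

The winrm commands in the post authenticate as root/calvin, the iDRAC factory default, over basic auth with -SkipCNcheck -SkipCAcheck, so the password travels over a TLS session whose server identity is never verified. Changing the default password and installing a certificate the client trusts removes the need for both skip flags.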

Microsoft Live Mesh: Almost Too Easy.

After working with enterprise level gear for a while you start to miss certain things when you’re working on your own kit at home. One of the biggest things for anyone is out of band management which is the ability to access a computer remotely as if you were sitting right in front of it. It’s really quite handy when you’re working in large environments with data centers that can be several hundred kilometers away or even just a 5 minute walk down the hallway, since us geeks aren’t known for our physical prowess. So when it comes time for us to access our kit when we’re not at home us geeks have traditionally turned to services like LogMeIn or programs based around the VNC protocol to get the job done, which aren’t technically out of band management solutions but get the job done more or less. However Microsoft recently released their Live Mesh beta to the wider world and it too can provide such remote access functionality. I decided to give it a test spin last week.

Mesh appears to be an organic evolution of some of the other cloud services that Microsoft began providing last year. If you had heard of their SkyDrive product you’ll understand why I’m saying this, since the sales pitch is basically the same. In essence it is marketed as an online folder that you can use to sync data across multiple devices, including mobile phones. They offer up 5GB of online storage for free which isn’t too bad for a completely free service. I haven’t really used this feature much myself but I can see it being useful for keeping critical files on hand, although I question the phone integration as being somewhat useless (my 3G coverage seems a tad patchy, and I’d hate for it to try and download anything over 1MB on GPRS). The fact that they’re looking to do this cross platform does show that they’re committed to this being a true cloud service, although time will tell how far they actually go with that.

The most attractive feature for me of Mesh was the remote desktop in a web browser feature. I’d been fooling around with several different VNC clients in order to get the same thing working but they always failed in one way or the other. I was always hesitant of similar services as I didn’t really want to provide them access to my machine. However I figured that if Microsoft wanted to remotely access my PC they could probably already do it, so I resigned myself to give it a try. After putting in my Live credentials I was greeted with a ring and an opportunity to add devices to my network. This is where things started to get interesting.

Mesh’s install process is blindingly easy. All you have to do is log in, click on Add device, select the appropriate operating system (the Vista client works fine on Windows 7), and click install. About 5 minutes later you’ll be asked to provide your Live credentials again but after that the Mesh client will sit quietly in your system tray and the device you added will become available in the Mesh ring. Clicking on the device will allow you to connect to it remotely, as if you were sitting right in front of it. This is where the Mesh client really starts to shine because all of this took about 10 minutes total to set up and use with nary a firewall port to forward or any other kind of trickery. The desktop will be shown to you in its native resolution scaled up or down to fit whatever monitor you may be using at the time. Whilst this did make my dual screen desktop look decidedly squished on my monitors at work it was still usable, and my single monitor media PC scaled down quite well. Even with my meager 100KB/s upload (shared with this web server) the interface was quite responsive, even with 2 sessions running. Everything seemed fairly easy up to this point and I could easily see non-tech savvy people using this service.

However the experience was not without its share of problems. The Mesh interface for the desktop connections is done through a dreaded ActiveX control, which means you’ll only be accessing it through Internet Explorer. Granted the last 2 incarnations of this browser have made great leaps in undoing the damage to Internet standards that all its predecessors did but I’m still a Firefox/Chrome man myself (mostly for the wide array of plugins). Additionally whilst running 2 sessions is possible you’ll have to open up 2 separate browser instances for it to work, otherwise one of the sessions will just plain not work. This is provided that you can actually get into your computers since the connection is initiated from Microsoft’s servers which managed to drop me out of my session on more than one occasion. I can understand this since it’s still in beta, but having the console report strange error codes with little explaining text (sending me into a Google flurry) didn’t garner any good will with me. There is definitely room for improvement here.

I really can’t fault Microsoft for trying here and the service overall is quite good. They still have some way to go before they’re up to the level of other services out there but for something that is free and that integrates so easily with any Windows operating system I can’t say that I would recommend anything else for those who need something simple to provide remote access to their PCs. I’ll be keeping a keen eye on it over the coming months and I’ll be hoping to see things like Outlook integration so I can sync my contacts and email on the fly without having to set up an Exchange server to do so. But that could be wishful thinking on my part, but I’m sure it’s on Microsoft’s radar.