Development

Before delving into the specifics of a PowerEdge environment, have you considered and organised the following routine maintenance measures?

• Testing security - firewalls, policies, passwords
• Auditing backups - currency, integrity
• Inspecting hardware - condition, expectancy
• Reviewing data - usage, structure, relevance
• Monitoring activity - admins, employees, users
• Updating software - OS, applications, tools

Baseline Configuration

A set of device levels that comprise the BIOS, drivers, and firmware. Defining this reference standard will save a lot of headache over drifting or incorrect setups that could lead to poor system performance, data corruption or even security vulnerabilities.

Creating an Initial Baseline Configuration

The DRM, or Dell EMC Repository Manager, is your official and secure channel for the latest updates from Dell. Use with OpenManage Enterprise to derive an initial Baseline Configuration from each server.

Production

With a plan devised, and a Baseline Configuration created, it's now time to deploy and manage.

Baseline Software Catalogue

Given an initial Baseline Configuration, a catalogue of installed software and updates can be created and published internally via the DRM.

The DRM also provides a Scheduled Search feature, so that an admin can be notified the moment a relevant update is available.

Updating a Server

For a single update, the simplest option is the classic self-extracting exe, a Dell Update Package, that is applied manually.

For multiple updates, the integrated Dell Remote Access Controller (iDRAC) offers manual and automatic operation, along with update scheduling and staging from version 7.

To complement iDRAC is the Lifecycle Controller that provides system management - notably OS deployment. It can be invoked directly on a machine at start-up with F10, or through iDRAC. Both tools offer a GUI, but can also be called through scripts.

Dell advises that with the two, it is the best process for updating VMs.

As a standalone alternative, Server Update Utility can be used though requires configuration through the DRM.

Updating Multiple Servers

OpenManage Enterprise is where you'll find your system inventory. Each system configuration can be compared against a baseline, with any drifts notified to admins. Updates can then be applied both autonomously and simultaneously.

If you're operating Blade Servers, the CMC, or Chassis Management Controller, is designed specifically to help monitor and manage such setups, where updates can be pushed to the necessary servers after the DRM has identified and gathered the relevant updates.

For custom and 3rd party deployment tools, the Dell EMC Online Catalog provides a repository of updates.

If you're more inclined to script, the DSU (Dell System Update) tool is script-optimized, providing update identification and deployment, with support for both Windows and Linux.

In some cases, Bootable Media might be the best option, and is recommended for updating storage drives. Use the DRM and DSU to create the file.

For most though, common practice involves bundling the required update files from the DRM into a Scripted Deployment Pack.

Integrations

Dell offer specific support for both Windows and Linux.

Linux YUM Repository

If you're using Zypper or Red Hat Satellite to deploy updates, Dell provide a Yellowdog Update Modified repository with updates in the RPM format.

Microsoft Endpoint Configuration Manager (SCCM)

Formerly System Center, the Lifecycle Controller can be access remotely, allowing an admin to manage users, apps, devices, and policy permissions.

The Updates Publisher enables 3rd-party patches to be installed, thanks to the integration with WSUS, Windows Server Update Service. As with their own catalogue, Dell offers one specific for Windows Server, an SDP Catalogue.

Microsoft Cluster-Aware Updates

An automated process for failover clusters and Storage Spaces Direct clusters that ensures maximum availability.

BMC - BladeLogic & Performance Net Manager

As BMC products utilise standard Dell Update Packages, the DRM can provide the updates for faster deployment.

iDRAC Recommendations

For the most secure connection use SNMPv3.

Accessing iDRAC should be :

• Over an isolated or virtualised network
• Via a dedicated 1 GbE port
• Using 256-bit TLS 1.2 encryption
• With a filtered IP address range and restricted subnet

If you're using version 9 with an Enterprise Licence, use Lockdown Mode to further prevent modification of settings.

For additional authentication, use Active Directory (AD) with the Lightweight Directory Access Protocol (LDAP).