Dell OpenManage Installation and Security User's Guide
The Dell OpenManage systems management software components provide the following security features:
NOTE: Telnet does not support SSL encryption.
Table 2-1 lists the ports used by the Dell OpenManage systems management software, other standard operating system services, and other agent applications. Correctly configured ports are necessary to allow Dell OpenManage systems management software to connect to a remote device through firewalls. If the attempt to communicate with a remote device fails, you may have specified an incorrect port number.
Table 2-1. Dell OpenManage UDP/TCP Ports Default Locations
NOTE: CIM ports are also dynamic. See the Microsoft knowledge base at support.microsoft.com for information on CIM port usage.

NOTE: If you are using a firewall, you must open all of the ports listed in the previous table to ensure that IT Assistant and other Dell OpenManage applications function properly.
Dell provides security and access administration through role-based access control (RBAC), authentication, and encryption, or through Microsoft Active Directory for both the Web-based and command-line interfaces.
RBAC manages security by determining the operations that can be executed by users in specific roles. Each user is assigned one or more roles, and each role is assigned one or more user privileges that are permitted to users in that role. With RBAC, security administration can correspond closely to an organization's structure. For information about setting up Dell OpenManage users, see "Assigning User Privileges."
Server Administrator grants different access rights based on the user's assigned group privileges. The three user levels are User, Power User, and Administrator.
Users can view most information.
Power Users can set warning threshold values, run diagnostic tests, and configure which alert actions are to be taken when a warning or failure event occurs.
Administrators can configure and perform shutdown actions, configure Auto Recovery actions in case a system has a hung operating system, and clear hardware, event, and command logs. Administrators can also send e-mail.
Server Administrator grants read-only access to users logged in with User privileges; read and write access to users logged in with Power User privileges; and read, write, and administrator access to users logged in with Administrator privileges. See Table 2-2.
| User Privileges | Access Type: Admin | Access Type: Write | Access Type: Read |
|---|---|---|---|
| User | | | X |
| Power User | | X | X |
| Administrator | X | X | X |
Admin access allows you to shut down the managed system.
Write access allows you to modify or set the values on the managed system.
Read access allows you to view the data reported by Server Administrator. Read access does not allow you to change or set the values on the managed system.
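The level-to-access mapping above can be modelled as a default-deny check and used to audit assignments for least privilege. This is an added example, not Dell code: the operation names, their mapping to access types, and all function names are assumptions made for illustration.

```python
from enum import Flag, auto

class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    ADMIN = auto()

# User level -> access types, as stated in the guide.
LEVELS = {
    "User": Access.READ,
    "Power User": Access.READ | Access.WRITE,
    "Administrator": Access.READ | Access.WRITE | Access.ADMIN,
}
# Operation -> access needed (names and mapping are assumptions for this example).
REQUIRED = {
    "view_data": Access.READ,
    "set_warning_threshold": Access.WRITE,
    "run_diagnostics": Access.WRITE,
    "shutdown": Access.ADMIN,
}

def effective_access(levels):
    """Union of access over all assigned levels; unknown levels grant nothing."""
    access = Access.NONE
    for level in levels:
        access |= LEVELS.get(level, Access.NONE)
    return access

def is_allowed(levels, operation):
    """Default deny: refuse unknown operations and missing access alike."""
    needed = REQUIRED.get(operation)
    return needed is not None and needed in effective_access(levels)

def minimum_level(operations):
    """Lowest level that covers every operation, or None if no level does."""
    for level in LEVELS:  # dict order runs from least to most privileged
        if all(is_allowed([level], op) for op in operations):
            return level
    return None

def over_privileged(assignments, needs):
    """Users holding access beyond the lowest level their tasks require."""
    findings = {}
    for user, levels in assignments.items():
        least = minimum_level(needs.get(user, []))
        if least and effective_access(levels).value & ~LEVELS[least].value:
            findings[user] = least
    return findings
```

Calling `over_privileged` with a mapping of users to assigned levels and a mapping of users to the operations they actually perform returns each user who could be moved to a lower level, together with that level.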
Table 2-3 summarizes which user levels have privileges to access and manage Server Administrator Services.
Table 2-3. Server Administrator User Privilege Levels
| Service | User Privilege Level Required: View | User Privilege Level Required: Manage |
|---|---|---|
Table 2-4 defines the user privilege level abbreviations used in Table 2-3.
Table 2-4. Legend for Server Administrator User Privilege Levels
The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges. Additionally, when you invoke the CLI, the Server Administrator authentication scheme validates the context within which the current process is running. This authentication scheme ensures that all Server Administrator functions, whether accessed through the Server Administrator home page or CLI, are properly authenticated.
For supported Microsoft Windows® operating systems, Server Administrator authentication is based on the operating system's user authentication system using Windows NT® LAN Manager (NTLM) modules to authenticate. This underlying authentication system allows Server Administrator security to be incorporated in an overall security scheme for your network.
For supported Red Hat® Enterprise Linux operating systems, Server Administrator authentication is based on the Pluggable Authentication Modules (PAM) library. This documented library of functions allows an administrator to determine how individual applications authenticate users.
For supported Novell® NetWare® operating systems, Server Administrator authentication is based on the Novell Directory Services (NDS) library. This documented library of functions allows an administrator to determine how individual applications authenticate users.
Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to ensure and protect the identity of the system being managed. Java Secure Socket Extension (JSSE) is used by supported Microsoft Windows, Red Hat Enterprise Linux, and certain Novell NetWare operating systems to protect the user credentials and other sensitive data that is transmitted over the socket connection when a user accesses the Server Administrator home page. Supported Novell NetWare operating systems use Java SSL and Secure Authentication Services (SAS)-NetWare International Cryptographic Infrastructure (NICI).
The Microsoft Active Directory® service software acts as the central authority for network security, letting the operating system readily verify a user's identity and control that user's access to network resources for Dell OpenManage applications running on supported Microsoft Windows platforms. Dell has modified the Active Directory database to support remote management authentication and authorization. IT Assistant, Server Administrator, and Dell remote access controllers can now interface with Active Directory to add and control users and privileges from one central database. For information about using Active Directory, see "Microsoft Active Directory."