Reference Guide

Product and Subsystem Security
Topics:
Security controls map
Authentication
Authentication with external systems
Data security
Serviceability
Network security
Auditing and logging
Security controls map
OpenManage Ansible Modules (OMAM) use Ansible Playbooks to run commands for interacting with iDRAC and OpenManage Enterprise.
The system credentials are not stored by default. Some iDRAC modules use a file system to temporarily read and write files to
a local Ansible control machine or a file server. The file server path is mounted on the Ansible control machine, and you must
securely configure the file servers.
iDRAC and OpenManage Enterprise communicate with the Dell server for firmware updates over an HTTPS channel, facilitated by the
Ansible control machine through modules and playbooks. The following figure displays the OMAM security controls map:
Authentication
Access control settings protect resources against unauthorized access. OMAM does not have an access
control system of its own. It depends on the access control settings provided by Ansible, File Server, iDRAC,
OpenManage Enterprise, and Redfish endpoints.
For more information about the connection methods, see the Ansible documentation.
Authentication with external systems
The OMAM modules communicate with iDRAC and OpenManage Enterprise over a secure HTTPS channel. OMAM supports
session-based authentication for REST calls.
Session-based authentication is used when issuing multiple Representational State Transfer (REST) requests.
Session login is initiated by accessing the Create session URI. The response to this request includes an X-Auth-Token header
with a session token. Authentication for subsequent requests is made using the X-Auth-Token header.
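The session flow described above, as an added example (not taken from this guide or from Dell's code): one login request carries the credentials, later requests carry only the X-Auth-Token header, and the token is rejected once the session is deleted. Assumptions: the Redfish-style session URI, the Location header naming the session resource, and DELETE as the logout call; StubEndpoint, TokenSession, demo and the credentials are constructed for the illustration.

```python
import http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
SESSIONS = "/redfish/v1/SessionService/Sessions"  # assumed: Redfish-style Create session URI
TOKENS = set()  # tokens the stub currently accepts

class StubEndpoint(BaseHTTPRequestHandler):  # constructed loopback stand-in, not Dell code
    def _reply(self, code, headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers["Content-Length"]))  # stub accepts any credentials
        TOKENS.add(token := secrets.token_hex(16))
        self._reply(201, [("X-Auth-Token", token), ("Location", SESSIONS + "/1")])
    def do_GET(self):
        self._reply(200 if self.headers.get("X-Auth-Token") in TOKENS else 401)
    def do_DELETE(self):
        TOKENS.discard(self.headers.get("X-Auth-Token"))
        self._reply(200)

class TokenSession:
    def __init__(self, connect, user, password):
        self.connect, self.creds, self.token = connect, {"UserName": user, "Password": password}, None
    def call(self, method, path, body=None):
        headers = {"X-Auth-Token": self.token} if self.token else {}
        conn = self.connect()
        conn.request(method, path, json.dumps(body) if body is not None else None, headers)
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp
    def __enter__(self):
        resp = self.call("POST", SESSIONS, self.creds)  # the only request that carries the password
        self.token, self.location = resp.getheader("X-Auth-Token"), resp.getheader("Location")
        return self
    def __exit__(self, *exc):
        self.call("DELETE", self.location)  # log out so the token is revoked server-side

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Loopback HTTP so the demo runs offline; real endpoints use HTTPSConnection with a verifying context.
    connect = lambda: http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    with TokenSession(connect, "demo", "demo-pass") as s:
        during = s.call("GET", "/redfish/v1/Systems").status
    replay = s.call("GET", "/redfish/v1/Systems").status  # same token, after logout
    server.shutdown()
    return during, replay
```

Calling demo() returns the status of a request made inside the session and of the same request replayed with the old token after logout.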