Users Guide
Table Of Contents
- Dell EMC OpenManage Enterprise Version 3.6 User's Guide
- Contents
- Tables
- About Dell EMC OpenManage Enterprise
- Security features in OpenManage Enterprise
- Install OpenManage Enterprise
- Installation prerequisites and minimum requirements
- Deploy OpenManage Enterprise on VMware vSphere
- Deploy OpenManage Enterprise on Hyper-V 2012 R2 and earlier host
- Deploy OpenManage Enterprise on Hyper-V 2016 host
- Deploy OpenManage Enterprise on Hyper-V 2019 host
- Deploy OpenManage Enterprise by using Kernel-based Virtual Machine
- Deploy OpenManage Enterprise programmatically
- Get started with OpenManage Enterprise
- Log in to OpenManage Enterprise
- Configure OpenManage Enterprise by using Text User Interface
- Configure OpenManage Enterprise
- Recommended scalability and performance settings for optimal usage of OpenManage Enterprise
- Supported protocols and ports in OpenManage Enterprise
- Use case links for the supported protocols and ports in OpenManage Enterprise
- OpenManage Enterprise Graphical User Interface overview
- OpenManage Enterprise Home portal
- Discovering devices for monitoring or management
- Discover servers automatically by using the server-initiated discovery feature
- Create a device discovery job
- Protocol support matrix for discovering devices
- View device discovery job details
- Edit a device discovery job
- Run a device discovery job
- Stop a device discovery job
- Specify multiple devices by importing data from the .csv file
- Global exclusion of ranges
- Specify discovery mode for creating a server discovery job
- Create customized device discovery job protocol for servers –Additional settings for discovery protocols
- Specify discovery mode for creating a chassis discovery job
- Create customized device discovery job protocol for Chassis – Additional settings for discovery protocols
- Specify discovery mode for creating a Dell storage discovery job
- Specify discovery mode for creating a network switch discovery job
- Create customized device discovery job protocol HTTPS storage devices –Additional settings for discovery protocols
- Create customized device discovery job protocol for SNMP devices
- Specify discovery mode for creating a MULTIPLE protocol discovery job
- Delete a device discovery job
- Manage devices and device groups
- Organize devices into groups
- Create a custom group (Static or Query)
- Create a Static device group
- Create a Query device group
- Edit a static group
- Edit a query group
- Rename a static or query group
- Delete a static or query device group
- Clone a static or query group
- Add devices to a new group
- Add devices to existing group
- Refresh health on group
- All Devices page - devices list
- All Devices page — device list actions
- Delete devices from OpenManage Enterprise
- Exclude devices from OpenManage Enterprise
- Run inventory on devices
- Update the device firmware and drivers by using baselines
- Refresh the device health of a device group
- Refresh health on devices
- Roll back an individual device's firmware version
- Export the single device inventory
- Performing more actions on chassis and servers
- Hardware information displayed for MX7000 chassis
- Export all or selected data
- View and configure individual devices
- Device Overview
- Device hardware information
- Run and download Diagnostic reports
- Extract and download SupportAssist reports
- Managing individual device hardware logs
- Run remote–RACADM and IPMI–commands on individual devices
- Start Management application iDRAC of a device
- Start the Virtual Console
- Refresh device inventory of a single device
- Organize devices into groups
- Managing device inventory
- Manage the device firmware and drivers
- Manage device deployment templates
- Create a deployment template from a reference device
- Create a deployment template by importing a template file
- View a deployment template information
- Edit a server deployment template
- Edit a chassis deployment template
- Edit IOA deployment template
- Edit network properties of a deployment template
- Deploy device deployment templates
- Deploy IOA deployment templates
- Clone deployment templates
- Auto deployment of configuration on yet-to-be-discovered servers or chassis
- Create auto deployment targets
- Delete auto deployment targets
- Export auto deployment target details to different formats
- Overview of stateless deployment
- Define networks
- Edit or delete a configured network
- Export VLAN definitions
- Import network definitions
- Manage Profiles
- Managing the device configuration compliance
- Monitor and Manage device alerts
- Monitor audit logs
- Using jobs for device control
- Manage the device warranty
- Reports
- Managing MIB files
- Managing OpenManage Enterprise appliance settings
- Configure OpenManage Enterprise network settings
- Manage OpenManage Enterprise users
- Role and scope based access control in OpenManage Enterprise
- Add and edit OpenManage Enterprise local users
- Edit OpenManage Enterprise user properties
- Enable OpenManage Enterprise users
- Disable OpenManage Enterprise users
- Delete OpenManage Enterprise users
- Import AD and LDAP groups
- Transfer of ownership of Device Manager entities
- Ending user sessions
- Directory services integration in OpenManage Enterprise
- OpenManage Enterprise login using OpenID Connect providers
- Add an OpenID Connect provider to OpenManage Enterprise
- Configure an OpenID Connect provider policy in PingFederate for role-based access to OpenManage Enterprise
- Configure an OpenID Connect provider policy in Keycloak for role-based access to OpenManage Enterprise
- Test the registration status of OpenManage Enterprise with the OpenID Connect provider
- Edit an OpenID Connect provider details in OpenManage Enterprise
- Enable OpenID Connect providers
- Delete OpenID Connect providers
- Disable OpenID Connect providers
- Security Certificates
- Set the login security properties
- Manage Console preferences
- Customize the alert display
- Configure SMTP, SNMP, and Syslog alerts
- Manage incoming alerts
- Manage warranty settings
- Check and update the version of the OpenManage Enterprise and the available plugins
- Execute remote commands and scripts
- OpenManage Mobile settings
- Enable or disable alert notifications for OpenManage Mobile
- Enable or disable OpenManage Mobile subscribers
- Delete an OpenManage Mobile subscriber
- View the alert notification service status
- Notification service status
- View information about OpenManage Mobile subscribers
- OpenManage Mobile subscriber information
- Troubleshooting OpenManage Mobile
- Other references and field descriptions
- Schedule Reference
- Firmware baseline field definitions
- Schedule job field definitions
- Alert categories after EEMI relocation
- Token substitution in remote scripts and alert policy
- Field service debug workflow
- Unblock the FSD capability
- Install or grant a signed FSD DAT.ini file
- Invoke FSD
- Disable FSD
- Catalog Management field definitions
- Firmware/driver compliance baseline reports— devices with 'Unknown' compliance status
- Generic naming convention for Dell EMC PowerEdge servers
● User dm1 is a member of two AD groups (adg1 and adg2). Both AD groups have been assigned the DM role, with scope
assignments for the AD groups as follows: adg1 is given access to g1 and adg2 is given access to g2. If g1 is the superset of
g2, then the scope of dm1 is the larger scope (g1, all its child groups, and all leaf devices).
When a user is a member of multiple AD groups that have different roles, the higher-functionality role takes precedence (in the
order Administrator, DM, Viewer).
A DM with unrestricted scope has operational access as specified by RBAC privileges to all device and group entities.
NOTE: Post upgrade of OpenManage Enterprise to version 3.6, the AD/LDAP and OIDC (PingFederate or KeyCloak)
device managers would need to recreate all the previous-version entities as these entities are only available to the
administrators post upgrade. For more information, see the Release Notes at https://www.dell.com/support/home/en-yu/
product-support/product/dell-openmanage-enterprise/docs.
SBAC for OIDC users:
Scope assignment for OIDC users does not happen within the OME console. You can assign scopes for OIDC users at an OIDC
provider during user configuration. When the user logs in with OIDC provider credentials, the role and scope assignment will
be available to OME. For more information about configuring user roles and scopes, see Configure an OpenID Connect provider
policy in PingFederate for role-based access to OpenManage Enterprise on page 153.
NOTE: If PingFederate is being used as the OIDC provider, then only administrator roles can be used. For more information,
see Configure an OpenID Connect provider policy in PingFederate for role-based access to OpenManage Enterprise on page
153 and the Release Notes at https://www.dell.com/support/home/en-yu/product-support/product/dell-openmanage-
enterprise/docs.
Transfer ownership : The administrator can transfer owned resources from a device manager (source) to another device
manager. For example, an administrator can transfer all the resources assigned from a source dm1 to dm2. A device manager
with owned entities such as firmware and/or configuration baselines, configuration templates, alert policies, and profiles is
considered an eligible source user. Transfer of ownership transfers only the entities and not the device groups (scope) owned
by a device manager to another. For more information see, Transfer of ownership of Device Manager entities on page 148.
Related references
OpenManage Enterprise user role types on page 14
Related tasks
Install OpenManage Enterprise on page 19
Add and edit OpenManage Enterprise local users
This procedure is specific to only adding and editing the local users. While editing local users, you can edit all the user
properties. However, for Directory Users, only the role and device groups (in the case of a Device Manager) can be edited. To
integrate Directory Services in OpenManage Enterprise and to import the Directory users, see Directory services integration in
OpenManage Enterprise on page 148 and Import AD and LDAP groups on page 147.
NOTE:
● To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role and scope based
access control in OpenManage Enterprise on page 15.
● You cannot enable, disable, or delete the admin/system/root users. You can only change the password by clicking Edit
in the right pane.
1. Select Application Settings > Users > Users > Add.
2. In the Add New User dialog box:
a. Under User Details, select Administrator, Device Manager, or Viewer from the User Role drop-down menu.
For more information, see Role and scope based access control in OpenManage Enterprise on page 15.
By default, the Enabled check box is selected to indicate that the user privileges currently being set up are enabled for a
user.
b. For the Device Manager roles, the scope is defaulted to All Devices (unrestricted scope), however, the administrator
can restrict the scope by choosing the Select Groups option followed by selecting the device group(s).
c. Under User Credentials, enter Username, Password, and reenter the password in the Confirm Password fields.
Managing OpenManage Enterprise appliance settings
145