Reference Guide
Table Of Contents
- Dell EMC OpenManage Enterprise 3.6 Security Configuration Guide
- Contents
- Figures
- Tables
- PREFACE
- Security quick reference
- Product and subsystem security
- Contacting Dell
Table 2. OpenManage Enterprise supported protocols and ports on the managed nodes (continued)
Port
Number
Protocol Port
Type
Maximum
Encryption
Level
Source Directio
n
Destinatio
n
Usage
161 SNMP UDP None OpenManage
Enterprise
appliance
Out Managed
node
● For SNMP queries.
162* SNMP UDP None OpenManage
Enterprise
appliance
In/ Out Managed
node
● Send and receive SNMP traps.
443 Proprietar
y/ WS-
Man/
Redfish
TCP 256-bit OpenManage
Enterprise
appliance
Out Managed
node
● Discovery and inventory of
iDRAC7 and later versions.
● For the CMC management.
623 IPMI/
RMCP
UDP None OpenManage
Enterprise
appliance
Out Managed
node
● IPMI access through LAN.
69 TFTP UDP None CMC In Manageme
nt station
● For updating CMC firmware.
* Port can be configured up to 499 excluding the port numbers that are already allocated.
NOTE: In an IPv6 environment, you must enable IPv6 and disable IPv4 in the OpenManage Enterprise appliance to ensure
all the features work as expected.
Internal network (CIFS) share
Some device functionality such as firmware update, server configuration profile capture and deployment, tech support and
diagnostic report extraction require access to an external network share (that is external to the server) to complete the
operation. OME has included a built-in CIFS share to reduce the work required to set up an external network share and improve
customer experience. That means OME includes smbd (www.samba.org) and a running OME instance will have smbd listening
on ports 139 / 445. The CIFS share in OME is available after the appliance is powered on. However, access is protected
with credentials and SMB protocol version defaults to SMBv2 (this can be altered using the Appliance Settings). OME rotates
the credentials on a periodic basis (every six hours, this is not externally configurable) and stores encrypted passwords in a
database. The share location and credentials are provided to the devices that need to access them, within the context of each
such OME workflow. This share is used only through internal communication to the devices and there is no external method to
get the share details.
Field service debug (FSD)
In OpenManage Enterprise, you can authorize console debugging by using the Field Service Debug (FSD) option. FSD enables
root level access to appliance via SSH. This process can only be authorized through Dell-EMC Support services. For more
information, see Field service debug workflow section in the user's guide.
OpenManage Enterprise update
Users can upgrade to the next version of OpenManage Enterprise by downloading the latest bundle from dell.com. For more
information, see Update OpenManage Enterprise section in the user's guide.
Product and subsystem security
19