Dell EMC OpenManage Enterprise 3.6 Security Configuration Guide
Data security
OME stores all sensitive data encrypted with the OME-generated encryption key. All user credentials are stored with a one-way
hash and cannot be decrypted.
All device credentials are encrypted with a 128-bit AES key. Access to all other data on the appliance is controlled by
privileges. In addition, the SELinux policies preconfigured in OME ensure data protection and access to
the OME workflows.
Cryptography
Internal services are configured with specific Access Control Lists (ACLs) so that only required services have access.
OpenManage Enterprise supports industry-proven crypto algorithms for client communication. OME only allows communication
with clients via the TLS v1.2 protocol. Clients can negotiate to communicate with OME using one of the following ciphers:
● TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
● TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
● TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
● TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
NOTE: Selection of ciphers is NOT user configurable.
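Because the cipher selection is fixed, the useful check is that a deployed appliance negotiates only what is listed above. The following is an added example, not Dell's code or tooling: it handshakes with a host and compares the result with the documented protocol and ciphers. The function names and the host argument are assumptions, and the OpenSSL cipher names are the standard OpenSSL equivalents of the IANA names in the list.

```python
import socket
import ssl
import sys

# OpenSSL name (as reported by Python's ssl module) -> IANA name from the guide.
DOCUMENTED_SUITES = {
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "DHE-RSA-AES256-GCM-SHA384": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "DHE-RSA-AES256-SHA256": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
}
DOCUMENTED_PROTOCOL = "TLSv1.2"


def evaluate(protocol, openssl_cipher):
    """Return a list of findings; an empty list means the session matches the guide."""
    findings = []
    if protocol != DOCUMENTED_PROTOCOL:
        findings.append(f"protocol {protocol} is not {DOCUMENTED_PROTOCOL}")
    if openssl_cipher not in DOCUMENTED_SUITES:
        findings.append(f"cipher {openssl_cipher} is not in the documented list")
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake with the appliance and return (protocol, cipher) as negotiated."""
    ctx = ssl.create_default_context()
    # Only the negotiated parameters are inspected and no data is sent, so the
    # chain is not validated here (the appliance is self-signed by default).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    # With no host argument, evaluate a constructed sample instead of probing.
    sample = ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384")
    observed = probe(sys.argv[1]) if len(sys.argv) > 1 else sample
    problems = evaluate(*observed)
    print(observed, "OK" if not problems else problems)
    sys.exit(1 if problems else 0)
```

The probe reports only the single suite the server selected for this client; confirming that every other suite is refused requires repeating the handshake with the client's offer restricted to one suite at a time.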
Certificate management
By default, OME is configured to use self-signed certificates. Admins can configure a CA-signed certificate under Application
Settings > Security > Certificates.
Users can view all information about the currently available SSL certificate for the device by navigating to Application
Settings > Security > Certificates. By default, OpenManage Enterprise comes with self-signed certificates.
Figure 10. Certificate management
Users can also generate a CSR, get it signed, and then upload the signed certificate to the OpenManage Enterprise console.
Auditing and logging
Auditing provides a historical view of the users and activity on the system. The Audit logs page lists the log data to help you or the
Dell EMC Support teams in troubleshooting and analysis. An audit log is recorded when: