OpenManage Mobile on-device security
Dell EMC Technical White Paper
3 OpenManage Mobile on-device security
OMM stores a variety of information on the mobile device, such as credentials, host address information, and
settings. When used with iDRAC Quick Sync, server health, inventory, and configuration information are also
cached.
To protect this information, data is encrypted with a key that includes a device-specific component and, if
one is set, the optional password. When biometric fingerprint authentication is enabled, a fingerprint may be
used to quickly access information protected by the key.
3.1 On-device security controls
OpenManage Mobile is protected by an optional password and optional fingerprint-based authentication.
These controls prevent an unauthorized user from logging in to the application. A fifteen-minute inactivity
timeout helps protect the app if the device is laid aside for some time. This password is in addition to any
device password.
Information stored within OMM is protected in an AES-encrypted database and user preference files. The
encryption key includes a device-specific component, so if the data is moved, it cannot be accessed from
OMM on another device (even when a password is not used). If the password is used, the password
forms part of the encryption key, preventing access by anyone without the password. If fingerprint
authentication is used, the device stores, on behalf of the application, a copy of the password encrypted
with a key derived from the fingerprint. This security is in addition to any platform-specific encryption.
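The key composition described above, as an added sketch that is not Dell's code: it shows why a copied data store does not unlock on another device and how the optional password contributes to the key. The KDF (PBKDF2-HMAC-SHA256), the round count, the function names, and the device-secret values are assumptions, since the white paper does not specify them; the AES database encryption itself is left out.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000                     # assumed work factor, not from the white paper
KEY_CHECK_LABEL = b"omm-example-key-check"  # hypothetical constant for the key-check tag


def derive_key(device_secret: bytes, salt: bytes, password: str = "") -> bytes:
    """Derive a 256-bit key from the device component and the optional password."""
    # Stretch the password (empty when none is set) so guessing it is expensive.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    # Mix in the device-specific secret, so the key is bound to this device
    # even when no password is used.
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def key_check(key: bytes) -> bytes:
    """Tag stored beside the data so a wrong key is detected before use."""
    return hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()


def create_store(device_secret: bytes, password: str = "") -> dict:
    """Return what would sit on disk: a salt and a key-check tag, never the key."""
    salt = os.urandom(16)
    return {"salt": salt, "check": key_check(derive_key(device_secret, salt, password))}


def unlock(store: dict, device_secret: bytes, password: str = ""):
    """Return the key if the device and password both match, otherwise None."""
    key = derive_key(device_secret, store["salt"], password)
    if hmac.compare_digest(key_check(key), store["check"]):
        return key
    return None


# Constructed sample values standing in for per-device secrets.
DEVICE_A = bytes.fromhex("a1" * 32)
DEVICE_B = bytes.fromhex("b2" * 32)

if __name__ == "__main__":
    store = create_store(DEVICE_A, "Example-Passw0rd!")
    print("same device, right password:", unlock(store, DEVICE_A, "Example-Passw0rd!") is not None)
    print("same device, wrong password:", unlock(store, DEVICE_A, "guess") is not None)
    print("store copied to device B:   ", unlock(store, DEVICE_B, "Example-Passw0rd!") is not None)
```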
3.2 On-device security—best practices
To better secure mobile devices used with OMM:
• Use OMM with a password. Recommended passwords are at least 12 characters in length and use a
combination of uppercase, lowercase, number, and symbol characters.
• Secure the device by using a password, pattern, or biometric lock. Locks are generally required when
VPN information is cached. Enable the lock when the screen is off, or the device is inactive for more
than 10 minutes.
• Enable internal-storage encryption on your mobile device. Encryption is enabled by default in Android
5, and iOS 8 or later.
• Download OMM and other applications only from trusted sources such as the Google Play Store or
the Apple App Store. This includes applications launched by OMM including web browsers, VNC
clients, and email clients. Some trusted apps are typically included with the device.
• Consider using an anti-malware app on the device.