White Papers
OpenManage Mobile at-the-server and at-the-chassis security
Dell EMC Technical White Paper
that the unique iDRAC MAC address be supplied. Therefore, each out-of-the-box Quick Sync 2 connection is
authenticated with system-specific information.
When connecting to servers by using Quick Sync 2, each server is identified by an X.509-format PKI certificate
identical to that used by the iDRAC web server or auto-discovery feature. Also, the Service Tag of each
system is displayed while connecting. To ensure that the connection occurs with the correct system,
administrators may activate the ID LED option.
Users can access information about all sleds and other components on an MX Chassis. The data is retrieved
on the chassis by using a proxy BLE service. This proxy service uses the highly secure TLS 1.2 protocol along
with 128-bit AES for encryption. Data used internally on an MX Chassis is retrieved over an internal VLAN on
the MX Chassis. The connection in the internal VLAN is secure and not accessible outside the MX
Chassis box.
1.2 Quick Sync bezel security
The Quick Sync bezel is available on selected 13th generation PowerEdge servers. OMM Android uses
Near-Field Communication (NFC) technology to communicate with the Quick Sync bezel, and this
communication is secured using encryption and authentication.
Because of its security properties, NFC technology is often selected for use in mobile payment solutions.
The Quick Sync bezel must be activated by an administrator physically present at the server. NFC
communications are limited to within a few centimeters of the bezel, precluding observation from outside
the data center or even from another area within the data center. Use of the iDRAC Quick Sync bezel is
logged within iDRAC.
An administrator applying a configuration by using the Quick Sync bezel must authenticate themselves by
using the iDRAC credentials. Configuration information sent to the Quick Sync bezel is cryptographically
protected. Configuration data is digitally signed and encrypted by using the industry standard AES algorithm
with 128-bit keys. Keys are dynamically generated for each configuration write-transaction and exchanged by
using the Diffie-Hellman key exchange algorithm. Unique sequence numbers prevent reapplication of the
same configuration request. Therefore, Quick Sync bezel configuration information is protected against
tampering, information disclosure, and replay attacks.
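The following added example (not code from this white paper or from Dell EMC) illustrates how a per-transaction key combined with a sequence number rejects tampered and replayed configuration writes. Assumptions: HMAC-SHA256 stands in for the digital signature, whose algorithm the paper does not name; the AES-128 encryption layer is omitted; random bytes stand in for the Diffie-Hellman shared secret; the message layout and all names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def derive_key(dh_secret: bytes, txn_id: bytes) -> bytes:
    # Fresh integrity key per write-transaction, derived from the (assumed) DH output.
    return hmac.new(dh_secret, b"cfg-write-mac" + txn_id, hashlib.sha256).digest()


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    # Hypothetical layout: 8-byte big-endian sequence number | payload | tag.
    header = struct.pack(">Q", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class Receiver:
    """Applies a message only if its tag verifies and its sequence number is new."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def accept(self, message: bytes) -> bytes:
        if len(message) < 8 + TAG_LEN:
            raise ValueError("truncated message")
        header, payload, tag = message[:8], message[8:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("authentication failed")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:  # already applied: same request sent again
            raise ValueError("replayed or stale sequence number")
        self.last_seq = seq
        return payload


def outcome(receiver: Receiver, message: bytes) -> str:
    try:
        receiver.accept(message)
        return "applied"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    rx = Receiver(derive_key(os.urandom(32), b"txn-1"))  # constructed secret
    msg = seal(rx.key, 1, b"constructed-config-blob")
    print(outcome(rx, msg), "|", outcome(rx, msg))
```

A message captured in one transaction fails in two ways when resent: within the same transaction the sequence number has already been consumed, and in a later transaction the newly derived key no longer verifies its tag.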
1.3 Best practices for at-the-server security
To help maximize security, Dell EMC recommends the following:
• Protect your servers and chassis by limiting physical access to authorized personnel only.
• Always change the default credentials when provisioning a new server.
• If personal devices are not permitted in the data center, consider using a dedicated mobile device
which is always physically kept in the data center.
Figure: An administrator using iDRAC Quick Sync