OpenManage Mobile remote connection security
Dell EMC Technical White Paper
2 OpenManage Mobile remote connection security
OpenManage Mobile (OMM) retrieves data remotely from the Dell OpenManage Enterprise or OpenManage
Essentials (OME) one-to-many systems management console and from iDRAC server management controllers.
The information retrieved includes device inventory, health status, alerts, log entries, and
configuration information. OMM can configure servers by using an iDRAC connection, and it sends power
control operations and other commands over the same OME or iDRAC connections. Devices that
subscribe to OME alerts receive them through OpenManage Mobile Cloud Services (OMCS) and the vendor-
specific push notification services. OMM also retrieves warranty data from Dell Services, and it can start
external applications such as remote-desktop clients and web browsers.
In general, OMM communications are protected by the standard HTTPS protocol, which provides protection
against tampering and information disclosure. Remote hosts are identified by using X.509 PKI certificates, and
OMM users are authenticated by using their systems management console or iDRAC credentials.
2.1 General remote connection security
Dell EMC recommends that OMM connect to management networks by using a VPN or encrypted Wi-Fi. This
connection-layer security adds an extra layer of protection on top of the application-level security described below.
OMM connects to the systems management console or iDRAC by using HTTPS, which tunnels HTTP over the
TLS protocol. TLS integrity-protects and encrypts the data in transit, preventing tampering, information
disclosure, and replay attacks. Connections to the iDRAC GUI from OMM also use HTTPS.
Each systems management console or iDRAC is identified by an X.509 PKI certificate. Because
consoles and iDRACs often use self-signed certificates, OMM displays the certificate details on the first
connection to a system so that the user can review them. OMM attempts to verify the certificate automatically
through its chain of trust, using the root certificates stored on the mobile phone. Verifiable
identities are highlighted green, identities that contain a security fault or an expired trust are
highlighted red, and any non-verifiable but non-faulted certificate (for example, a self-signed one) is highlighted yellow.
The user always has the choice of accepting or rejecting any presented certificate. When the user first
accepts a certificate, OMM records its thumbprint for future use, and the user is alerted if the
thumbprint changes during a subsequent connection attempt. Rejecting a certificate terminates the
connection before any authentication or application data is shared.
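The trust-on-first-use flow described above, as an added example that is not OMM's own code: a classifier that maps the chain-verification outcome to the green/red/yellow highlighting, and a pin store that records the SHA-256 thumbprint on first acceptance and raises an alert when a later connection presents a different certificate. The `PresentedCert` model, the host names and the certificate bytes are constructed for illustration; a real client would take them from the TLS handshake.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class PresentedCert:
    """Hypothetical model of a leaf certificate as seen by the client (not OMM's own types)."""
    der: bytes            # raw certificate bytes; the samples below are constructed
    not_after: datetime   # end of the validity period
    chain_status: str     # "verified" | "unknown_issuer" | "fault" (e.g. hostname mismatch)

def thumbprint(der: bytes) -> str:
    """SHA-256 thumbprint of the certificate bytes, the identity that gets pinned."""
    return hashlib.sha256(der).hexdigest()

def classify(cert: PresentedCert, now: datetime) -> str:
    """Map the verification outcome to the green/red/yellow highlighting described above."""
    if now > cert.not_after or cert.chain_status == "fault":
        return "red"      # expired trust or a security fault
    if cert.chain_status == "verified":
        return "green"    # chain anchored in a root certificate stored on the phone
    return "yellow"       # e.g. self-signed: not verifiable, but no fault either

class PinStore:
    """Trust-on-first-use: record the thumbprint on first acceptance, compare on later contacts."""
    def __init__(self) -> None:
        self._pins = {}   # host -> accepted thumbprint

    def evaluate(self, host: str, cert: PresentedCert, now: datetime):
        """Return (state, colour): 'connect' on a matching pin, 'prompt' on first contact, 'alert' on change."""
        tp, colour = thumbprint(cert.der), classify(cert, now)
        pinned = self._pins.get(host)
        if pinned is None:
            return "prompt", colour
        return ("connect" if pinned == tp else "alert"), colour

    def accept(self, host: str, cert: PresentedCert) -> None:
        self._pins[host] = thumbprint(cert.der)

def handle_connection(store, host, cert, now, user_accepts):
    """One attempt: a matching pin connects silently; otherwise the user reviews the certificate."""
    state, _colour = store.evaluate(host, cert, now)
    if state == "connect":
        return "connected"
    if not user_accepts:
        return "terminated"   # rejected: closed before any credentials or application data are sent
    store.accept(host, cert)  # acceptance (first contact or after an alert) pins this thumbprint
    return "connected"

# Constructed samples: a self-signed iDRAC certificate, then a different one for the same host.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SELF_SIGNED = PresentedCert(b"constructed-der-bytes-1", NOW + timedelta(days=365), "unknown_issuer")
REPLACED = PresentedCert(b"constructed-der-bytes-2", NOW + timedelta(days=365), "unknown_issuer")
```

Pinning the thumbprint rather than the chain is what lets a self-signed iDRAC certificate be trusted after one review while still surfacing a swapped certificate on the same host.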
Systems management console and iDRAC users are authenticated by using their OME (Windows) or iDRAC
credentials, which may be associated with an Active Directory domain or another LDAP server. Connections to
iDRAC are logged.
While warranty status and online Quick Resource Locator (QRL) resources present publicly available information, OMM
communications with the Dell Warranty and QRL sites are also encrypted by using HTTPS. The information
cannot be tampered with, and an unauthorized observer cannot determine what information is
being exchanged with OMM. Dell EMC sites are identified by standard PKI certificates issued by a trusted
certificate authority.
Most information within OMM may be forwarded by email. While email clients are outside the scope of
OMM, many email clients encrypt message contents or transmit email over encrypted connections.
Users may voluntarily share information with Dell on how the app is used, including which features are used
and which devices it is used with. Information shared with Dell is sent via HTTPS. Dell does not store or use