Dell EMC iDRAC Service Module Security Configuration Guide
Product and subsystem security
Login security settings
iDRAC Service Module (iSM) does not track or perform user authentication itself. However, all of its command line
interfaces require either administrator- or root-user-level roles. Any failure to comply with this requirement is
audited in the operating system logs, or a console message is displayed.
Login banner configuration
iSM does not support any option to perform banner configuration.
Failed login behavior
iSM leverages the operating system authentication and authorization policies.
Emergency user lockout
Not applicable.
Authentication types and setup
● The iDRAC Service Module (iSM) and iDRAC authenticate each other using dynamically generated self-signed certificates.
The certificates are exchanged over trusted channels such as Keyboard Controller Style (KCS) and USB NIC, which is a
link-local network. The validity period of the certificates is ten years. The Public Key Infrastructure (PKI) used is RSA 2048.
● iSM supports creating an iDRAC session from the host operating system. The iDRAC session privilege can be configured by
the administrator at the point of iSM installation. The administrator can either:
○ Disable
○ Allow a ReadOnly session
○ Allow a session with administrator privileges on iDRAC
When the iDRAC Launcher is invoked from the host operating system, the iDRAC UI dashboard is rendered using the default
browser that is configured by the administrator. The privilege selected during the iSM installation process is enforced in this UI
session.
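The certificate profile described in this section (self-signed, RSA 2048, ten-year validity) can be checked against a certificate exported from a host. The script below is an added example, not Dell code; the function name check_ism_cert_profile, the certificate path, and the 3650 to 3653 day tolerance are assumptions, and it requires OpenSSL and GNU date.

```shell
#!/bin/sh
# Added example, not Dell code. Checks a PEM certificate against the profile
# this guide states: self-signed, RSA 2048, ten-year validity.
# Assumptions: OpenSSL and GNU date are installed, and the operator supplies
# the certificate path (the guide does not say where iSM stores it).

# Prints one line per failed check; returns 0 only when every check passes.
# The body runs in a subshell so its variables stay local.
check_ism_cert_profile() (
    cert=$1
    rc=0
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate"
        exit 2
    }

    # Key type and size.
    if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
       ! printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)'; then
        echo "FAIL: public key is not RSA 2048"
        rc=1
    fi

    # Self-signed: subject equals issuer, and the signature verifies under
    # the certificate's own public key.
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" != "$issuer" ] ||
       ! openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate is not self-signed"
        rc=1
    fi

    # Validity: 3650 to 3653 days (assumed tolerance for leap days).
    start=$(date -u -d "$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)" +%s)
    end=$(date -u -d "$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)" +%s)
    days=$(( (end - start) / 86400 ))
    if [ "$days" -lt 3650 ] || [ "$days" -gt 3653 ]; then
        echo "FAIL: validity is $days days, expected about ten years"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert matches the documented profile"
    exit "$rc"
)

# Stand-alone use: sh check_cert.sh /path/to/cert.pem
if [ "$#" -gt 0 ]; then check_ism_cert_profile "$1"; fi
```

A certificate that fails any of the three checks is worth investigating, since it does not match what the guide says iSM generates.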
Configuring local authentication sources
The iDRAC Service Module (iSM) does not support configuring any external authentication sources such as Lightweight
Directory Access Protocol (LDAP). The following iSM features use a username or password for the relevant functionality.
● Routing iDRAC SNMP alerts through the host operating system. On Linux operating systems, this feature supports alert
forwarding over the SMUX protocol. The administrator can create a password for the SMUX protocol using the following interface:
/opt/dell/srvadmin/iSM/bin/Enable-iDRACSNMPTrap.sh changesmuxpasswd <password>
● The iSM feature InbandSNMPGet allows administrators to perform an SNMP Get and Walk of the iDRAC-supported MIB
from the host operating system. This feature creates an SNMP v3 user in iDRAC in ReadOnly mode. The username is
iSMSNMPv3.
Configuring Active Directory
Not applicable.