Dell EMC iDRAC Service Module Security Configuration Guide
Certificate and key-based authentication
The iDRAC Service Module (iSM) generates self-signed TLS certificates. iSM does not support custom certificate
configurations. iDRAC and iSM authenticate each other using certificates over a trusted channel such as Intelligent Platform
Management Interface (IPMI) over Keyboard Controller Style (KCS). The minimum TLS version that is required for a successful
handshake is TLS 1.2.
When communicating with Dell EMC support servers, iSM validates the server certificate before any data exchange. Also, every
client of Dell EMC SupportAssist is authenticated using a client-unique credential, which is an offline process.
Multi-factor Authentication
Not applicable.
Other authentication sources
To facilitate launching the iDRAC UI from within the host operating system, iSM uses a Dell EMC proprietary token-based
session creation process.
Unauthenticated interfaces
Not applicable.
Selecting authentication sources
Not applicable.
User and credential management
● ismtech is a CLI command on all iSM supported operating systems. This command creates a user in iDRAC with
the username ismtech to enable Dell EMC service personnel to perform support-related actions. This utility is restricted
to administrator users only. It requests a password as input and sends a request to iDRAC for user account creation. iDRAC
manages the credentials using its own process. This password is not stored on the host operating system.
● For the feature InBandSNMPTraps, if the administrator has chosen the SMUX protocol with a password to enable iDRAC
alert forwarding through the operating system as SNMP traps, then the password is managed in an administrator-restricted
file system location in the operating system.
● For the feature InBandSNMPGet, iSM creates an iDRAC local user with read-only privileges. These credentials are managed
by iDRAC.
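
A check an administrator could run on a Linux host to confirm that a file holding a secret, such as the SMUX password described above, is restricted to the administrator account. This is an added example, not Dell EMC code: the guide does not give the file's location, so the path is supplied by the caller, and the names `audit_secret_file` and `admin_uid` are chosen here for illustration.

```python
import os
import stat
import sys


def audit_secret_file(path, admin_uid=0):
    """Return findings for a file holding a secret; an empty list means restricted."""
    st = os.lstat(path)  # lstat so a symlink planted at the path is not followed
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symbolic link"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: is not a regular file"]

    findings = []
    if st.st_uid != admin_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {admin_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} grants group/other access")

    # Whoever can write to the parent directory can replace the file itself,
    # unless the sticky bit limits renames and deletes to the owner.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    writable = pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable and not pst.st_mode & stat.S_ISVTX:
        findings.append(f"{parent}: directory is writable by group/other")
    return findings


if __name__ == "__main__":
    # Usage: python audit_secret_file.py <path-to-file-holding-the-secret>
    results = audit_secret_file(sys.argv[1])
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```

An empty result means the file is owned by the administrator account, grants no group or other access, and sits in a directory that non-administrators cannot use to replace it.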