Reference Guide
Table Of Contents
- Dell EMC iDRAC Service Module Security Configuration Guide
- Contents
- Overview
- Security quick reference
- Product and subsystem security
- Miscellaneous configuration and management elements
- Internal security information
- Resources and support
- Contacting Dell EMC
Authentication to external systems
Apart from communication with iDRAC, iSM tries to communicate with Dell EMC SupportAssist servers to upload the support
logs from the node, fetch the system warranty, or open a case against a potential issue. The SupportAssist server certificate is
authenticated before transaction of the data.
Configuring remote connections
A successful connection to Dell EMC support servers need an active internet connection with outbound port number 443. If a
proxy is configured on the host operating system, then the appropriate credentials must be provided through iDRAC.
Controlling access to remote systems
The Dell EMC support servers are accessible through iDRAC to perform a designated set of operations such as:
● Server registration
● Warranty query
● Upload a TechSupportReport
● Update communication details
For more information about supported operations, see iDRAC Service Module User's Guide available at https://www.dell.com/
idracmanuals.
Remote component authentication
Access to the Dell EMC support servers is restricted to personnel or products owning the support client confidential information
dedicated to that entity. The iSM as a SupportAssist client verifies the certificate of the Dell EMC support server before
proceeding with further communication.
Authorization
General authorization settings
A default installation of iSM by the administrator installs the iDRAC User Interface (UI) launcher feature in read-only mode.
This facilitates opening an iDRAC UI session as a read-only user. iSM exposed features are configurable only by the system
administrator.
Configuring authorization rules
iSM does not support configuration or modification of the existing authorization rules published by interfaces installed by iSM.
Default authorizations
The ismtech utility creates an iDRAC user account only for the following capabilities in the iDRAC UI.
● Login to iDRAC
● Configure iDRAC
● Control and configure system
● Access virtual console
● Access virtual media
● Test alerts
● Execute debug commands
Product and subsystem security
13