Dell EMC OpenManage Enterprise Update Manager 1.1 Security Configuration Guide June 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Tables........................................................................................................................................... 4 Chapter 1: PREFACE..................................................................................................................... 5 Chapter 2: Deployment models......................................................................................................6 Chapter 3: Product and Subsystem Security ...........................................
Tables 4 1 Role-based privileges for Update Manager......................................................................................................... 8 2 Role-based privileges for OpenManage Enterprise........................................................................................... 9 3 EEMI messages in Update Manager....................................................................................................................
1 PREFACE As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features. Contact your Dell EMC technical support professional if a product does not function properly or does not function as described in this document.
2 Deployment models You can download and install Update Manager plug-in from dell.com (online) or from an already downloaded package in a network share (offline). You can configure this setting in OpenManage Enterprise (Application Settings > Console and Plugins > Update Settings). For more information, see the Update settings in OpenManage Enterprise section in OpenManage Enterprise User's Guide. Prerequisites Ensure that you are using OpenManage Enterprise version 3.6 or above. Steps 1.
3 Product and Subsystem Security Topics: • • • • • • • • • Security controls map Authentication Login security settings User and credential management RBAC privileges Data security Cryptography Auditing and logging Serviceability Security controls map Using Update Manager create and manage custom repositories for the PowerEdge devices that are discovered and managed in OpenManage Enterprise. Interact with the Update Manager UI through a browser using HTTPS protocol.
Failed login behavior By default, after three unsuccessful logins, the OpenManage account is locked for 900 seconds. For more information, see Set the login security properties topic in OpenManage Enterprise User's Guide. Emergency user lockout You can block users from logging into OpenManage Enterprise, based on various parameters. For more information, see the Set the login security properties topic in OpenManage Enterprise User's Guide.
Table 2. Role-based privileges for OpenManage Enterprise Functions Administrator Device Manager Viewers Update firmware with baseline Allowed compliance report Allowed (Owned by DM) Not allowed Update Settings Allowed Not allowed Not allowed Create alert policy Allowed Allowed (Owned by DM) Not allowed Scope-Based Access Control (SBAC) in OpenManage Enterprise With the use of Role-Based Access Control (RBAC) feature, administrators can assign roles while creating users.
Transfer ownership: The administrator can transfer owned resources from a device manager (source) to another device manager. For example, an administrator can transfer all the resources that are assigned from a source dm1 to dm2. A device manager with owned entities such as firmware and/or configuration baselines, configuration templates, alert policies, and profiles are considered an eligible source user.
Table 3. EEMI messages in Update Manager (continued) Message ID Message Description CUMP0019 The storage space has reached or exceeded 80% of the configured value. CUMP0020 Unable to create the repository version because the maximum number of versions are already created. CUMP0021 The repository version of repository is deleted successfully. CUMP0022 The repository bundle(s) or component(s) of repository is deleted successfully.
4 Contacting Dell Prerequisites NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. About this task Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues: Steps 1. Go to Dell.com/support. 2.
