Dell EMC OpenManage Integration Version 7.3 with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM) Security Configuration Guide
Table 5. Port information for SCOM Management Servers and Dell EMC Alert Relay Servers (continued)

| Communication purpose | Port number | Protocols | Direction | Source | Destination | Description |
|---|---|---|---|---|---|---|
| Health or metrics update to SCOM | 5985 and 5986 | TCP | In | OMIMSSC appliance | All SCOM Management Servers | PowerShell commands are started from the appliance. |
| Inventory or health update to SCOM | 111 and 2049 | TCP and UDP | Out | All SCOM Management Servers | OMIMSSC appliance | Appliance permits NFS share to share the inventory details with management packs. |
| UI operations | 443 | TCP | Out | All SCOM Management Servers | OMIMSSC appliance | UI operations using OMIMSSC dashboard which is started from the SCOM console. |

Table 6. Port information for Dell EMC devices (iDRAC, CMC, OME-Modular, or network switch)

| Communication purpose | Port number | Protocols | Direction | Source | Destination | Description |
|---|---|---|---|---|---|---|
| SNMP traps | 162 | UDP | Out | iDRAC, CMC, or network devices | All SCOM Management Servers and Dell EMC Alert Relay Servers | OMIMSSC distributes the total devices to all Alert Relay Servers. Alert Relay Servers receive the alert and convert it to Windows events. |
| Health, metrics, or inventory collection from devices | 443 | TCP | In | OMIMSSC Appliance | iDRAC, CMC, or network devices | Uses WS-Man, Redfish, or SNMP. |

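
The port rows in Tables 5 and 6 can be used as an allowlist when reviewing firewall or flow logs. The following is an added example, not part of the Dell EMC guide or product: the role labels, the address inventory, and the sample connection records are constructed, and it assumes the Source column is the connection initiator and the port is the destination port.

```python
import ipaddress

APPLIANCE, SCOM_MS, RELAY, DEVICE, UNKNOWN = (
    "appliance", "scom_ms", "alert_relay", "device", "unknown")

# Constructed inventory using documentation address ranges; replace with real assets.
INVENTORY = {
    "192.0.2.10/32": APPLIANCE,
    "192.0.2.32/28": SCOM_MS,
    "192.0.2.48/28": RELAY,
    "198.51.100.0/24": DEVICE,
}

# One entry per row of Tables 5 and 6: (source role, destination roles, protocols, ports).
# Assumption: the Source column is the initiator and the port is the destination port.
MATRIX = [
    (APPLIANCE, {SCOM_MS}, {"tcp"}, {5985, 5986}),        # PowerShell started from the appliance
    (SCOM_MS, {APPLIANCE}, {"tcp", "udp"}, {111, 2049}),  # NFS share with inventory details
    (SCOM_MS, {APPLIANCE}, {"tcp"}, {443}),               # OMIMSSC dashboard from SCOM console
    (DEVICE, {SCOM_MS, RELAY}, {"udp"}, {162}),           # SNMP traps
    (APPLIANCE, {DEVICE}, {"tcp"}, {443}),                # health, metrics, inventory collection
]

def role_of(ip):
    """Map an IP address to its role; hosts outside the inventory are UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for net, role in INVENTORY.items():
        if addr in ipaddress.ip_network(net):
            return role
    return UNKNOWN

def audit(flows):
    """Return (flow, src_role, dst_role) for each flow that matches no table row."""
    findings = []
    for src, dst, proto, port in flows:
        s, d = role_of(src), role_of(dst)
        if not any(s == ms and d in md and proto in mp and port in mports
                   for ms, md, mp, mports in MATRIX):
            findings.append(((src, dst, proto, port), s, d))
    return findings

# Constructed connection records: (source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.33", "tcp", 5986),    # appliance -> SCOM server, documented
    ("198.51.100.7", "192.0.2.50", "udp", 162),   # device trap -> Alert Relay, documented
    ("203.0.113.5", "192.0.2.33", "tcp", 5985),   # unknown host -> SCOM server WinRM port
    ("198.51.100.7", "192.0.2.10", "tcp", 2049),  # device -> appliance NFS port
]

if __name__ == "__main__":
    for flow, s, d in audit(SAMPLE_FLOWS):
        print("not in port matrix:", flow, f"({s} -> {d})")
```

Feed it connection-initiation records only; reply traffic has the roles reversed and would be reported as undocumented.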
Data security
Data maintained by OMIMSSC is stored and secured in internal databases within the appliance and cannot be accessed from outside. OMIMSSC uses AES-256 based encryption for data security.
Data in transit is protected using the HTTPS protocol.
Data at rest encryption
This section describes the capabilities for data-at-rest encryption in OMIMSSC. Sensitive data is stored in encrypted format in the database. The AES encryption algorithm is used with a 256-bit key size.
OMIMSSC has encryption key management in place, as described below.
Generate Encryption Key
OMIMSSC supports an appliance-unique encryption key. Each appliance generates a new key during the appliance boot-up sequence. Access controls are in place to protect the encryption key, key store, and password.
Change Encryption Key
The encryption key can be changed by changing the password for the admin account. Similarly, a new encryption key is used when the appliance is restored from one version to a higher version.
For more information, see Change OMIMSSC appliance admin password on page 16.