Reference Guide
Table Of Contents
- OpenManage Integration for VMware vCenter version 5.3 Security Configuration Guide
- Figures
- Tables
- PREFACE
- Terms used in this document
- Deployment models
- Product and Subsystem Security
- Security controls map
- Authentication
- Login security settings
- Authentication types and setup considerations
- User and credential management
- Network security
- Data security
- Cryptography
- Auditing and logging
- Serviceability
- OMIVV OS update
- Product code integrity
- Miscellaneous Configuration and Management
Assign Dell privileges to existing role
About this task
If specific pages of OMIVV are accessed with no Dell privileges that are assigned to the logged-in user, the 2000000 error is
displayed.
You can edit an existing role to assign the Dell privileges.
Steps
1. Log in to the vSphere Client (HTML-5) with administrative rights.
2. In vSphere Client (HTML-5), expand Menu, click Administration → Roles.
3. From the Roles provider drop-down list, select a vCenter server.
4. From the Roles list, select Dell-Operational, and then click PRIVILEGES.
5. To assign the Dell privileges, click the edit icon [
].
The Edit Role page is displayed.
6. In the left pane, click Dell, and then select the following Dell privileges for the selected role, and then click NEXT:
● Dell.Configuration
● Dell.Deploy-Provisioning
● Dell.Inventory
● Dell.Monitoring
● Dell.Reporting
For more information about the available OMIVV roles within vCenter, see Dell Operational role on page 16.
7. Edit the role name and enter description for the selected role, if required.
8. Click FINISH.
Log out and log in from the vCenter. The user with necessary privileges can now perform the OMIVV operations.
vCenter user security
Security roles and permissions
The OpenManage Integration for VMware vCenter stores user credentials in an encrypted format. It does not provide any
passwords to client applications to avoid any improper requests. The backup database is fully encrypted by using custom
security phrases, and hence data cannot be misused.
By default, users in the Administrators group have all the privileges. The Administrators can use all the functions of the
OpenManage Integration for VMware vCenter within VMware vSphere web client. If you want a user with necessary privileges
to manage the product, do the following:
1. Create a role with necessary privileges.
2. Register a vCenter server by using the user.
3. Include both the Dell operational role and Dell infrastructure deployment role.
Data integrity
The communication between the OpenManage Integration for VMware vCenter, Administration Console, and vCenter is
accomplished by using HTTPS. The OpenManage Integration for VMware vCenter generates a certificate that is used for
trusted communication between vCenter and the appliance. It also verifies and trusts the certificate of the vCenter server
before communication and the OpenManage Integration for VMware vCenter registration.
A secure Administration Console session has a 15 minutes idle time-out, and the session is only valid in the current browser
window and/or tab. If you try to open the session in a new window or tab, a security error is prompted that asks for a valid
session. This action also prevents the user from clicking any malicious URL that can attack the Administration Console session.
Product and Subsystem Security
15