Dell EMC OpenManage Integration 2.1 with Microsoft Windows Admin Center Security Configuration Guide July 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2019 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Tables........................................................................................................................................... 4 Chapter 1: PREFACE..................................................................................................................... 5 Chapter 2: Security quick reference.............................................................................................. 6 Deployment models....................................................................
Tables 1 4 Tables Ports Windows Admin Center listens for connections....................................................................................
1 PREFACE As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features. Contact your Dell EMC technical support professional if a product does not function properly or does not function as described in this document.
2 Security quick reference Topics: • • Deployment models Security profiles Deployment models You can download Dell EMC OpenManage Integration with Windows Admin Center from dell.com. Prerequisites: Before you install OpenManage Integration version 2.1, ensure that you have installed the Windows Admin Center 2103.2 GA. Microsoft Windows Admin Center (Microsoft WAC) is a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure.
3 Product and subsystem security Topics: • • • • • • • • • • • Security controls map Authentication Login security settings Authentication types and setup considerations Authorization Network security Data security Cryptography Auditing and logging Serviceability Product code integrity Security controls map Dell EMC OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC) is a Windows Admin Center extension which enables to manage: ● The PowerEdge servers as hosts ● Microsoft Failover Cluste
As the diagram depicts, OMIMSWAC interacts with downloads.dell.com through HTTPS protocol and with the network share through the CIFS. OMIMSWAC does not store any credentials in any database or file storage. Secure session token is stored in browser cache and then it is discarded as soon as the session is invalidated. All accesses are managed by Microsoft Windows Admin Center (MS WAC) itself.
Authentication types and setup considerations Authentication is inherited from the Windows Admin Center. There is no additional authentication supported by OMIMSWAC extension. It is managed by Windows Admin Center itself (for more details, see https://docs.microsoft.com/en-us/windowsserver/manage/windows-admin-center/configure/user-access-control) For more information about Windows Admin Center authentication, see https://docs.microsoft.
Network exposure Table 1. Ports Windows Admin Center listens for connections Port number Type Function Configurable port Maximum Encryption Level 6516 (default)(win 10) TCP or 443 (default)(service mode) HTTPS Yes 256-bit SSL 445 Common Internet File System (CIFS)/SMB (Server Message Block) No None TCP For more information about the SMB port 445, see Port configuration on the target server in Microsoft document. Data security OMIMSWAC extension doesn't store any sensitive customer data.
Ensure that the downloaded catalog file, DSU and IC are not modified during compliance generation and update. The catalog file, DSU, and IC utilities are automatically removed after the compliance report is generated and updated. Logs for pre update script running on HCI clusters to put storage into maintenance mode are available at \Temp\precau.log on each node.
4 Miscellaneous Configuration and Management Elements Topics: • • • • • OpenManage Integration with Microsoft Windows Admin Center Licensing Credential Security Service Provider (CredSSP) OS to iDRAC Pass through Protect authenticity and integrity Manage backup and restore in OMIMSWAC OpenManage Integration with Microsoft Windows Admin Center Licensing This section provides licensing guidance for OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC).
○ Windows Server HCI cluster created from AX and/or S2D ready nodes from Dell Technologies. ○ Individual nodes such as AX nodes, S2D ready nodes, and PowerEdge nodes. ● Preparing nodes for cluster expansion is supported for: ○ Azure Stack HCI cluster created from AX nodes from Dell Technologies. ○ Windows Server HCI cluster created from AX nodes from Dell Technologies. ○ Failover cluster.
When cluster is not in use, it is recommended to disable the credssp. OS to iDRAC Pass through While fetching inventory from the target node, OMIMSWAC extension enables the OS-to-iDRAC pass through for the very first time, if it is not enabled. Protect authenticity and integrity To ensure product integrity, the OMIMSWAC installation components are signed. OMIMSWAC extension leverages the API provided by Microsoft while accessing and downloading components from https:// downloads.dell.
5 Contacting Dell Prerequisites NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. About this task Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues: Steps 1. Go to Dell.com/support. 2.
