Dell EMC OpenManage Integration 2.0 with Microsoft Windows Admin Center Security Configuration Guide February 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
Tables
Chapter 1: PREFACE
Chapter 2: Security quick reference
Deployment models
Tables
1. Ports Windows Admin Center listens for connections
1 PREFACE
As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features. Contact your Dell EMC technical support professional if a product does not function properly or does not function as described in this document.
2. Select your support category.
3. Verify your country or region in the Choose a Country/Region drop-down list at the bottom of the page.
4. Select the appropriate service or support link based on your need.

Your comments
Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Send your opinions of this document to techpubcomments@dell.com.
2 Security quick reference
Topics:
• Deployment models
• Security profiles

Deployment models
You can download Dell EMC OpenManage Integration with Windows Admin Center from dell.com.
Prerequisites: Before you install OpenManage Integration version 2.0, ensure that you have installed the Windows Admin Center Preview 2012.
Microsoft Windows Admin Center (Microsoft WAC) is a locally deployed, browser-based app for managing Windows servers, clusters, and hyper-converged infrastructure.
3 Product and subsystem security
Topics:
• Security controls map
• Authentication
• Login security settings
• Authentication types and setup considerations
• Authorization
• Network security
• Data security
• Cryptography
• Auditing and logging
• Serviceability
• Product code integrity

Security controls map
Dell EMC OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC) is a Windows Admin Center extension that enables you to manage:
● The PowerEdge servers as hosts
● Microsoft Failover Cluste
As the diagram depicts, OMIMSWAC interacts with downloads.dell.com over HTTPS and with the network share over CIFS. OMIMSWAC does not store any credentials in any database or file storage. The secure session token is stored in the browser cache and is discarded as soon as the session is invalidated. All access is managed by Microsoft Windows Admin Center (MS WAC) itself.
Authentication types and setup considerations
Authentication is inherited from the Windows Admin Center. The OMIMSWAC extension supports no additional authentication; authentication is managed by Windows Admin Center itself (for more details, see https://docs.microsoft.com/en-us/windowsserver/manage/windows-admin-center/configure/user-access-control). For more information about Windows Admin Center authentication, see https://docs.microsoft.
Network exposure
Table 1. Ports Windows Admin Center listens for connections

| Port number | Type | Function | Configurable port | Maximum Encryption Level |
|---|---|---|---|---|
| 6516 (default)(win 10) or 443 (default)(service mode) | TCP | HTTPS | Yes | 256-bit SSL |
| 445 | TCP | Common Internet File System (CIFS)/SMB (Server Message Block) | No | None |

For more information about the SMB port 445, see Port configuration on the target server in the Microsoft documentation.

Data security
The OMIMSWAC extension doesn't store any sensitive customer data.
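An audit sketch for the ports in Table 1, added here as an example and not taken from Dell or Microsoft material: it reports which of the documented ports are listening on the host under review and which process owns each listener, then shows the SMB server encryption settings, since the table lists no encryption for port 445. The function name `Get-WacPortExposure` is hypothetical, and the default port list assumes the gateway port has not been changed from the defaults in the table.

```powershell
# Added example (not vendor code). Run on the host being reviewed.
function Get-WacPortExposure {
    [CmdletBinding()]
    param(
        # Defaults from Table 1; pass the real gateway port if it was reconfigured.
        [uint16[]] $Ports = @(6516, 443, 445)
    )

    # All TCP listeners on the ports of interest (none found is not an error here).
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Ports -ErrorAction SilentlyContinue

    foreach ($port in $Ports) {
        $hits = @($listeners | Where-Object { $_.LocalPort -eq $port })

        if ($hits.Count -eq 0) {
            [pscustomobject]@{ Port = $port; Listening = $false; LocalAddress = $null; Process = $null }
            continue
        }

        foreach ($l in $hits) {
            # Resolve the owning PID to a process name so unexpected listeners stand out.
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port         = $port
                Listening    = $true
                LocalAddress = $l.LocalAddress   # 0.0.0.0 or :: means every interface
                Process      = if ($proc) { $proc.ProcessName } else { "PID $($l.OwningProcess)" }
            }
        }
    }
}

Get-WacPortExposure | Format-Table -AutoSize

# SMB on 445 carries no encryption by default per Table 1; review the server-side
# settings (typically needs an elevated session).
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol
```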
Ensure that the downloaded catalog file, DSU, and IC are not modified during compliance generation and update. The catalog file, DSU, and IC utilities are automatically removed after the compliance report is generated and updated. Logs for the pre-update script that runs on HCI clusters to put storage into maintenance mode are available at \Temp\precau.log on each node.
4 Miscellaneous Configuration and Management Elements
Topics:
• OpenManage Integration with Microsoft Windows Admin Center Licensing
• Credential Security Service Provider (CredSSP)
• OS to iDRAC Pass through
• Protect authenticity and integrity
• Manage backup and restore in OMIMSWAC

OpenManage Integration with Microsoft Windows Admin Center Licensing
This section provides licensing guidance for OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC).
Purchase OMIWAC Premium License
OMIWAC Premium Licenses can be purchased while ordering the corresponding servers and solutions through Point of Sale (POS) or After Point of Sale (APOS) by contacting Dell sales representatives. The OMIWAC Premium License is bundled as part of the server license if purchased along with the server. If the license is purchased through the APOS method, import the license manually using the iDRAC. For more information about importing a license manually, see the iDRAC documentation.
Protect authenticity and integrity
To ensure product integrity, the OMIMSWAC installation components are signed. OMIMSWAC extension leverages the API provided by Microsoft while accessing and downloading components from https://downloads.dell.com and verifies the signature of all the components that are downloaded from https://downloads.dell.com. Catalog (.gz file) and dependent update tools such as DSU and IC are expected to be signed before usage.
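An independent spot check an administrator can run on a folder of downloaded update tools, added here as an example and not part of OMIMSWAC: it uses the standard `Get-AuthenticodeSignature` cmdlet rather than the Microsoft API the extension itself calls, which this guide does not name. The function name `Test-ComponentSignature`, the folder path, the extension list, and the `*Dell*` publisher pattern are all assumptions; the recorded SHA-256 lets you confirm a file has not changed between download and use.

```powershell
# Added example (not vendor code). Path and publisher pattern are placeholders.
function Test-ComponentSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Authenticode-capable file types only; the .gz catalog is not covered
        # by this check and must be validated by whatever signs it.
        [string[]] $Extensions = @('.exe', '.dll', '.msi', '.ps1'),
        # Assumed publisher pattern; pinning a known certificate thumbprint is stricter.
        [string] $ExpectedPublisher = '*Dell*'
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                File    = $_.FullName
                # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
                Status  = $sig.Status
                Signer  = $subject
                # Hash recorded so a later run can show whether the file was modified.
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # Trusted only if the signature chains and verifies AND the signer matches.
                Trusted = ($sig.Status -eq 'Valid') -and ($subject -like $ExpectedPublisher)
            }
        }
}

# Placeholder folder; substitute the location where the tools were downloaded.
$results = Test-ComponentSignature -Path 'C:\Path\To\DownloadedTools'
$results | Format-Table File, Status, Trusted -AutoSize

# Anything listed here is unsigned, tampered with, or signed by an unexpected publisher.
$results | Where-Object { -not $_.Trusted } | Format-List File, Status, Signer, SHA256
```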
5 Contacting Dell
Prerequisites
NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog.
About this task
Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues:
Steps
1. Go to Dell.com/support.
2.