Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerOpenManage IT Assistant Version 7.2 (Dell OpenManage 4.5.1)
81828384858687888990
84 Ensuring a Secure Dell OpenManage IT Assistant Installation
ASF and the SNMP Protocol
A final security consideration, starting with Dell™ OptiPlex™ GX260 systems, is the integrated Network
Interface Controller (NIC) that provides support for Alert Standard Format (ASF). ASF issues Platform
Event Traps (PET) corresponding to system health and security issues. Since these traps are supported
by the SNMP protocol, the managed system NIC must be configured with the IP address and
community string of the management station running IT Assistant.
In summary, to successfully and securely manage desktops, laptops, and workstations per the security
measures introduced in the paragraphs above, system administrators should adhere to the following
best practices:
Ensure that the operating system is up-to-date with the most recent operating system security patches.
For ASF-capable desktops, either disable ASF or implement SNMP community names that cannot be
easily guessed.
Securing Managed Server Systems
Securing the Managed System’s Operating System
As with desktops and workstations, the first step in securing a server is to ensure that it is running with
the most current service pack and appropriate critical hot fixes installed. Microsoft Software Update
Services, mentioned in the previous section, also applies to Microsoft Windows
®
2000 and Windows
Server™ 2003 servers. Similar services should be checked for Red Hat
®
Linux and Novell
®
NetWare
®
.
Choosing the Most Secure Managed System Server Protocol
Dell OpenManage Server Administrator, the current Dell server instrumentation software, uses the
SNMP and CIM protocols, which can be configured during a custom install.
CIM Monitoring, DCOM, and Windows Authentication
The CIM protocol, which uses DCOM security, leverages Windows challenge/response
(user ID/password) authentication. In addition, communication to managed system is established
through the domain/user ID/password accounts specified in each of the configured IT Assistant discovery
ranges. The format for these accounts is <domain name>\<user name> or localhost\<user name>.
NOTE: WMI security can be changed with utilities such as dcomcnfg.exe, wmimgmt.msc, and wbemcntl.
However, due to the potential for undesired side effects, implementing changes through these methods is not
recommended. See the Microsoft website for more information.
NOTE: Even in environments that intend to use only CIM for monitoring, SNMP is typically enabled because Server
Administrator only provides error notification using SNMP traps.