Owner's Manual
Ensuring a Secure Dell OpenManage IT Assistant Installation
In Figure 11-2, a user may connect to the IT Assistant management station
through a locally installed Terminal Services client or Windows XP Remote
Desktop connection. This connection requires a valid domain/user
ID/password. See the Microsoft website for more information.
The additional level of security is derived by setting up restrictions on all
managed systems to only accept SNMP traffic from the IP address of the
system running the IT Assistant user interface (UI), that is, the network
management station. Terminal Services and Remote Desktop sessions
emulate traffic coming directly from the network management station;
therefore, access to IT Assistant is restricted only to Terminal Services clients
or a local network management station user. Any other connection, such as
another remote IT Assistant UI installation, would be unable to effectively
communicate with properly configured managed systems in the network since
traffic identified as originating from a system other than the network
management station would be refused.
NOTE: Terminal Services is an optional component of Microsoft Windows 2000 and
Microsoft Windows Server 2003 that can be installed in either admin or
application mode.
NOTE: When Terminal Services is installed in administrative mode, up to two users
can log in as long as they are members of the administrators group. When Terminal
Services is installed in application mode, non-administrator groups can log in and
more than two sessions are supported. However, application mode installation has
additional licensing implications. When installing IT Assistant on a system running
Terminal Services in application mode, the installation must be performed locally
and not through a terminal session.
Securing Ports for IT Assistant and Other
Supported Dell OpenManage Applications
Securing port 2607 of the IT Assistant Services Tier and ports 1311, 623, 161,
and 162 of the managed system can be done using IP Security (IPSec). To list
the ports currently in use on your server, run the command netstat -an from a
command prompt; it shows the status of all ports on your system.
The results should show the IT Assistant management station accepting
connections on port 2607 only from the server hosting the IT Assistant UI
(which would be connected through Terminal Services).
Similarly, the managed systems should be configured to accept connections
through ports 1311, 161, and 162 from the management station.
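The following is an added example, not part of the Dell manual: a Python script that parses netstat -an output and reports established connections to the ports named above from any host other than the permitted one. The sample output and all IP addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Ports named on this page, grouped by the system that listens on them.
MGMT_STATION_PORTS = {2607}
MANAGED_SYSTEM_PORTS = {1311, 161, 162}

# Constructed sample of Windows `netstat -an` output; all addresses are
# documentation-range placeholders, 192.0.2.10 plays the management station.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:2607           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:2607        192.0.2.10:1043        ESTABLISHED
  TCP    192.0.2.10:2607        198.51.100.77:3301     ESTABLISHED
  TCP    192.0.2.10:3389        192.0.2.50:4120        ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Yield (proto, local_port, remote_addr, state) for each socket row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, _laddr, lport, raddr, _rport, state = m.groups()
            yield proto, int(lport), raddr, state

def listening_ports(text):
    """Ports open for inbound traffic: TCP LISTENING rows and bound UDP rows."""
    return {port for proto, port, _r, state in parse_netstat(text)
            if state == "LISTENING" or proto == "UDP"}

def unexpected_peers(text, watched_ports, allowed_ips):
    """ESTABLISHED connections to a watched port from a host not on the allow list."""
    return [(port, raddr) for _p, port, raddr, state in parse_netstat(text)
            if state == "ESTABLISHED" and port in watched_ports
            and raddr not in allowed_ips]

if __name__ == "__main__":
    print("listening:", sorted(listening_ports(SAMPLE_NETSTAT)))
    for port, peer in unexpected_peers(SAMPLE_NETSTAT, MGMT_STATION_PORTS, {"192.0.2.10"}):
        print(f"port {port}: connection from {peer} is outside the allow list")
```

On a managed system, pass MANAGED_SYSTEM_PORTS and the management station's address instead. netstat lists no remote peer for UDP sockets, so for ports 161 and 162 this only confirms that the port is bound; the source restriction itself has to be verified in the IPSec or SNMP configuration.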