Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureSecurity Solution Resources
21222324252627282930
Technical support and resources
ID 483
5 Recover
Server solutions must support recovery to a known, consistent state as a response to various events:
o Newly discovered vulnerabilities
o Malicious attacks and data tampering
o Corruption of firmware due to memory failures or improper update procedures
o Replacement of server components
o Retiring or repurposing a server
The following section discusses responses to new vulnerabilities and corruption issues, and how to recover
the server to its original state if needed.
5.1 Rapid Response to New Vulnerabilities
Common Vulnerabilities and Exposures (CVEs) are newly discovered attack vectors that compromise
software and hardware products. Timely responses to CVEs are critical to most companies so they can swiftly
assess their exposure and take appropriate action.
CVEs can be issued in response to new vulnerabilities identified in many items including the following:
o Open Source code such as OpenSSL
o Web browsers and other Internet access software
o Vendor product hardware and firmware
o Operating systems and hypervisors
Dell EMC works aggressively to quickly respond to new CVEs in PowerEdge servers and provide customers
timely information including the following:
o Which products are affected?
o What remediation steps may be taken.
o If needed, when updates are available to address the .VE.
5.2 BIOS and operating system Recovery
Dell EMC 14th and 15th generation PowerEdge servers include two types of recovery: BIOS Recovery and
Rapid Operating System Recovery. These features enable rapid recovery from corrupted BIOS or operating
system images. In both cases, a special storage area is hidden from run-time software (BIOS, operating
system, device firmware, so on). These storage areas contain pristine images that can be used as
alternatives to the compromised primary software.
Rapid Operating System Recovery enables rapid recovery from a corrupted operating system image or an
operating system image that is suspected of malicious tampering. The recovery media can be using internal
SD card, SATA ports, M.2 drives, or internal USB. A recovery image of the operating system can be installed
on the selected device. That device can then be disabled and hidden from the boot list and operating system.
In the hidden state, BIOS disables the device making it inaccessible by the operating system. If the operating
system is corrupted, the recovery location can then be enabled for boot. These settings can be accessed
through BIOS or the iDRAC interface.