White Papers

Direct from Development
PowerEdge Product Group
© 2018 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries
Encrypting management network traffic
In previous versions of PowerEdge servers, communications between devices within a chassis were expected to be secure
due to the ‘physical’ security of a private internal network. An iDRAC blade would automatically become part of the
chassis group by being physically inserted into the chassis. Communications to the sled from the CMC were done over
telnet, HTTP, and other unencrypted channels. The authentication between the processes on the devices was often
based on common shared passwords or other such preprogrammed credentials. While this was an extremely fast and
robust design, Dell EMC has evaluated these processes and identified security concerns, which have been addressed
in the MX7000.
Communications are no longer made over “clear text” HTTP connections; the new Redfish interface used in the chassis
runs entirely over HTTPS. Encrypting the REST traffic prevents packet snooping by other devices on
the network. Previous multitenant chassis could be compromised by a malicious user attempting to steal information
from others on the same chassis. With encrypted HTTPS communications this is no longer possible.
HTTPS is not the only communications path updated on the MX7000: all communications between iDRACs and
Management Modules inside the chassis are encrypted. Linux sockets between iDRAC and the Management Module are
encrypted using ECC (Elliptic Curve Cryptography). Communication over network sockets is possible only after iDRAC
and Enclosure Controller have established bidirectional machine-to-machine trust. Only when each side has vetted
the other are the connections established, using the keys transferred during trust establishment. This protects data
passed between the devices, preventing snooping as well as blocking attackers from pretending to be a Dell EMC
device and accessing data.
Another issue addressed in the MX7000 is the use of common default or fixed “hidden” user accounts with passwords
programmed into the firmware. A fixed username/password known to the software allowed each device to quickly access
and configure others without requiring user interaction. The pitfalls of common shared passwords are well
documented, and to avoid these issues the new MX7000 chassis uses unique, short-duration, stateless token
authentication. Unlike a normal username and password, tokens are not tied to an actual user account on a device. In
the MX7000 the iDRAC can issue an admin token to the MSM for reading/changing configuration without affecting
user-based authentication from its GUI. The MSM does not need a ‘user’ account, and the new automated machine-to-
machine trust assures the iDRAC is talking to an authentic MSM. Since the MSM is now a trusted administrator, this
presents all sorts of new possibilities.
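The following Python example is an added illustration of unique, short-duration, stateless token authentication; it is not Dell EMC code and not the MX7000 token format, which this paper does not specify. It assumes an HMAC-SHA256 tag over JSON claims, a key standing in for key material exchanged during trust establishment, and hypothetical names such as `issue_token`, `verify_token` and the device id `msm-1`.

```python
import base64, hashlib, hmac, json, os, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, audience: str, role: str, ttl: int = 300, now=None) -> str:
    """Issuer side: mint a unique, expiring token for one peer device."""
    now = int(time.time() if now is None else now)
    claims = {"aud": audience, "role": role, "iat": now, "exp": now + ttl,
              "jti": _b64(os.urandom(12))}  # random id makes every token unique
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + tag

def verify_token(key: bytes, token: str, audience: str, now=None) -> dict:
    """Verifier side: needs only the key and a clock, no session or account table."""
    now = int(time.time() if now is None else now)
    try:
        body, tag = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; claims are parsed only after the tag checks out.
        if not hmac.compare_digest(expected, _unb64(tag)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"rejected: {exc}") from None
    if claims.get("aud") != audience:
        raise PermissionError("rejected: token issued for a different device")
    if not claims.get("iat", now + 1) <= now < claims.get("exp", 0):
        raise PermissionError("rejected: token expired or not yet valid")
    return claims

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key, stands in for trust-establishment keys
    tok = issue_token(key, "msm-1", "admin", ttl=300)
    print(verify_token(key, tok, "msm-1")["role"])
```

Because the verifier keeps no per-token state, revocation before expiry is not possible in this scheme; the short lifetime is what bounds the exposure of a leaked token.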
Conclusion
Throughout this paper we have demonstrated how the PowerEdge MX solution has a robust security protocol and
architecture. By implementing a secure boot process within the MX7000 we ensure that the system starts running only if
the code passes integrity checks. Subsequently, runtime security measures ensure that the system remains safe from
malicious hacking attempts. Additionally, a validated network security measure ensures that everything in the
chassis is a system running trusted code. These enhanced security measures use best-in-class tools to protect
customer systems, and we believe that this new chassis represents the most secure chassis management system in the
industry.