White Papers

Understanding OpenManage Mobile (OMM) and Quick Sync Security (PowerEdge 14th Gen servers and
MX Chassis)
3 OpenManage Mobile on-device security
OMM stores a variety of information on the mobile device, such as credentials, host address information, and
settings. When used with iDRAC Quick Sync, server health, inventory, and configuration information are also
cached.
To protect this information, data is encrypted with a key that includes a device-specific component and, if one is set, the optional password.
When used with biometric fingerprint authentication, a fingerprint may be used to quickly access
information protected by the key.
3.1 On-Device security controls
OpenManage Mobile is protected by an optional password and optional fingerprint-based authentication.
These controls prevent an unauthorized user from logging in to the application. A fifteen-minute inactivity
timeout helps protect the app if the device is laid aside for some time. This password is in addition to any device
password.
Information stored within OMM is protected in an AES-encrypted database and user preference files. The
encryption key includes a device-specific component, so if the data is moved it cannot be accessed from
OMM on another device (even when a password is not used). If the password is used, the
password forms part of the encryption key, preventing access by anyone without the password. If fingerprint
authentication is used, the device stores, on behalf of the application, a copy of the password encrypted
with a key derived from the fingerprint. This security is in addition to any platform-specific encryption.
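The key construction described above can be sketched as follows. This is an added example, not OMM's or Dell's code: the white paper does not name the key-derivation function, so PBKDF2-HMAC-SHA256, the iteration count, the key-check header and all function names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not a value from the white paper


def derive_key(device_secret: bytes, salt: bytes, password: str = "") -> bytes:
    """Derive a 32-byte AES-256 key bound to the device and, optionally, a password."""
    # Bind the (possibly empty) password to the device secret first, so the
    # key is device-specific even when no password is set.
    ikm = hmac.new(device_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Stretch the result so guessing the password on the device itself is slow.
    return hashlib.pbkdf2_hmac("sha256", ikm, salt, ITERATIONS, dklen=32)


def create_store(device_secret: bytes, password: str = "") -> dict:
    """Build the header for a new encrypted store: a random salt and a key-check value."""
    salt = os.urandom(16)
    key = derive_key(device_secret, salt, password)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlock(store: dict, device_secret: bytes, password: str = ""):
    """Return the AES key if device and password match the store, else None."""
    key = derive_key(device_secret, store["salt"], password)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, store["check"]) else None


if __name__ == "__main__":
    device_a = os.urandom(32)  # constructed stand-ins for per-device secrets
    device_b = os.urandom(32)
    store = create_store(device_a, "Correct-Horse-42!")  # constructed password
    print("device A, right password:", unlock(store, device_a, "Correct-Horse-42!") is not None)
    print("device B, right password:", unlock(store, device_b, "Correct-Horse-42!") is not None)
    print("device A, wrong password:", unlock(store, device_a, "guess") is not None)
```

On a real device the per-device secret would live in the platform keystore rather than in application memory, and the returned key would feed an AES mode with authentication.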
3.2 On-device security best practices
To better secure mobile devices used with OMM:
• Use OMM with a password. Recommended passwords are at least 12 characters in length and use a combination of uppercase, lowercase, number, and symbol characters.
• Secure the device by using a password, pattern, or biometric lock. Locks are generally required when VPN information is cached. Enable the lock when the screen is off, or the device is inactive for more than 10 minutes.
• Enable internal-storage encryption on your mobile device. Encryption is enabled by default in Android 5, and iOS 8 or later.
• Download OMM and other applications only from trusted sources such as the Google Play Store or the Apple App Store. This includes applications launched by OMM including web browsers, VNC clients, and email clients. Some trusted apps are typically included with the device.
• Consider using an anti-malware app on the device.