
Understanding OpenManage Mobile (OMM) and Quick Sync Security (PowerEdge 14th Gen servers and
MX Chassis)
1 OpenManage Mobile at-the-server and at-the-chassis security
OpenManage Mobile (OMM) can:
• Communicate directly with an iDRAC while at-the-server by using the Quick Sync 2 module and Quick
  Sync bezel technology. It can also communicate with an MX7000 chassis by using the Quick Sync 2 module.
• Read server or MX chassis health, inventory, and configuration information, including the Lifecycle
  Controller logs.
• Provision iDRAC settings such as the network configuration, root credentials, first boot device, and
  location information.
Administrators may power-cycle a system by using Quick Sync 2 or Quick Sync. Administrators who use
Quick Sync 2 to run RACADM commands have access to all the iDRAC troubleshooting capabilities.
1.1 Quick Sync 2 module security
On the 14th generation PowerEdge servers and MX chassis equipped with the Quick Sync 2 module, OMM
uses BLE and Wi-Fi technology to communicate. Quick Sync 2 modules support both Android and iOS.
Quick Sync 2 module technology provides a level of physical security. To activate a Quick Sync 2 module, an
administrator must be physically present at the server to press the activation button. The activation button is a
physical button on servers and a virtual button on the MX Chassis LCD. Until Quick Sync 2 is activated, no
information can be exchanged or observed.
Prior to authentication, Quick Sync 2 BLE communications are attenuated to about 1 meter in range for
typical devices. After authentication, the range is extended; the typical range is 5 meters but may vary
based on the RF environment. The Quick Sync Wi-Fi range once activated is about 5 meters.
Using the Quick Sync 2 module, the user logs in to the iDRAC or MX Chassis. Quick Sync 2 BLE connections are
limited to one mobile device per server at a time, and repeated attempts to access a system with invalid
credentials will trigger a lockout, thus requiring a manual reactivation (by pressing the button) of the Quick
Sync 2.
After connecting to a server by using Quick Sync 2 BLE, a specifically adapted version of the industry-standard
TLS 1.2 protocol is used to communicate. Diffie-Hellman key exchange is performed by using 2048-bit or larger
primes, and 128-bit symmetric AES keys are used to encrypt all subsequently exchanged BLE data. The GCM
Authenticated Encryption with Associated Data cipher mode is used with unique sequence numbers to protect
against tampering, information disclosure, and replay attacks.
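The record protection described above (AES-128 in GCM mode with unique sequence numbers), sketched as an added Go example that is not Dell's code or wire format. The `Channel` type, its functions, the record layout, and the all-zero demo key are assumptions for illustration; it shows why a replayed record, a modified record, and a record with a rewritten sequence number are all rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

type Channel struct { // hypothetical type: one direction of a protected link
	aead cipher.AEAD
	seq  uint64 // next sequence number to send (sender) or accept (receiver)
}

func NewChannel(key [16]byte) *Channel {
	block, _ := aes.NewCipher(key[:]) // a 16-byte key selects AES-128 and is always valid
	aead, _ := cipher.NewGCM(block)   // cannot fail for a 128-bit block cipher
	return &Channel{aead: aead}
}

func nonceFor(seq uint64) []byte { // 4 zero bytes || counter: never repeats under one key
	return binary.BigEndian.AppendUint64(make([]byte, 4, 12), seq)
}

// Seal emits seq(8) || ciphertext || tag (assumed layout); seq is also the associated data.
func (c *Channel) Seal(pt []byte) []byte {
	n := nonceFor(c.seq)
	c.seq++
	return c.aead.Seal(append([]byte{}, n[4:]...), n, pt, n[4:])
}

// Open accepts only the next expected record; the counter advances only if the tag verifies.
func (c *Channel) Open(rec []byte) (pt []byte, err error) {
	if len(rec) < 8+c.aead.Overhead() || binary.BigEndian.Uint64(rec[:8]) != c.seq {
		return nil, errors.New("short record or unexpected sequence number")
	}
	if pt, err = c.aead.Open(nil, nonceFor(c.seq), rec[8:], rec[:8]); err == nil {
		c.seq++
	}
	return pt, err
}

func main() {
	tx, rx := NewChannel([16]byte{}), NewChannel([16]byte{}) // constructed all-zero demo key
	rec := tx.Seal([]byte("constructed sample payload"))
	_, first := rx.Open(rec)
	_, replay := rx.Open(rec) // same record delivered a second time
	fmt.Println("first:", first, "| replay:", replay)
}
```

Because a failed tag check does not advance the receiver's counter, a forged or corrupted record cannot desynchronize the channel; the next genuine record still opens.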
Quick Sync 2 Wi-Fi is activated only on demand, when required for communications that require higher
bandwidth or IP-based communications. Whenever Quick Sync 2 Wi-Fi is activated, a new random
WPA2-PSK key is generated and exchanged with OMM over the BLE connection. The relatively short key
lifetime helps protect Wi-Fi level communications. Diagnostics information, RACADM commands, and
iDRAC GUI access are further protected by HTTPS in the same manner as remote connections. Remote
desktop connections may be protected by using VNC over SSH or VNC over TLS.