White Papers
Understanding OpenManage Mobile (OMM) and Quick Sync Security (PowerEdge 14th Gen servers and
MX Chassis)
By default, Quick Sync 2 module users are authenticated to iDRAC by using the iDRAC credentials (the same
applies to the MX chassis). The 14th generation PowerEdge servers generally ship with a randomized secure
default password. If a legacy default password (root/calvin) is specifically requested, Quick Sync 2
requires that the unique iDRAC MAC address be supplied. Therefore, each out-of-the-box Quick Sync 2
connection is authenticated with system-specific information.
When connecting to servers by using Quick Sync 2, each server is identified by an X.509-format PKI
certificate identical to that used by the iDRAC web server or auto-discovery feature. The service tag of
each system is displayed while connecting, and administrators may activate the ID LED for more
assurance they are connecting to the system they expect.
On an MX Chassis, users can access information about all sleds and other components. Data is fetched on
the chassis through a proxy BLE service. This proxy service again uses the highly secure TLS 1.2 protocol
along with 128-bit AES for encryption. Inside the MX Chassis, data is fetched over an internal VLAN.
Connections on the internal VLAN are secure and not accessible from outside the MX Chassis box.
1.2 Quick Sync bezel security
[Figure: An administrator using iDRAC Quick Sync]
Quick Sync bezels are available on selected 13th generation PowerEdge servers equipped with a
Quick Sync bezel. OMM Android uses Near-Field Communication (NFC) technology to communicate
with the Quick Sync bezel.
Quick Sync bezels are protected by the physical security afforded by NFC, and configuration
information is additionally protected by authentication and encryption. Because of its
security properties, NFC technology is often selected for use in mobile payment solutions.
The Quick Sync bezel must be activated by an administrator physically present at the server. NFC
communications are limited to within a few centimeters of the bezel, precluding observation from outside the
data center or even from another area within the data center. Use of the iDRAC Quick Sync bezel is logged
within iDRAC.
An administrator applying a configuration by using the Quick Sync bezel must authenticate themselves by
using the iDRAC credentials. Configuration information sent to the Quick Sync bezel is cryptographically
protected. Configuration data is digitally signed and encrypted by using the industry-standard AES algorithm
with 128-bit keys. Keys are dynamically generated for each configuration write-transaction and exchanged
by using the Diffie-Hellman key exchange algorithm. Unique sequence numbers prevent reapplication of the
same configuration request. Therefore, Quick Sync bezel configuration information is protected against
tampering, information disclosure, and replay attacks.
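The following added example (not taken from the white paper or from Dell code) sketches how a receiver can combine a per-transaction key with unique sequence numbers to reject tampered and replayed configuration writes. The message layout, the names ConfigReceiver and build_request, the use of HMAC-SHA256 in place of the digital signature, and the random key standing in for the Diffie-Hellman output are all assumptions; AES encryption is omitted.

```python
import hashlib
import hmac
import os
import struct

# Assumption: HMAC-SHA256 stands in for the signature; AES encryption is omitted.

class ConfigReceiver:
    """Hypothetical receiver of configuration writes (not Dell's implementation)."""

    def __init__(self):
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, key: bytes, message: bytes) -> str:
        """Return 'applied', 'tampered' or 'replayed' for one write request."""
        if len(message) < 8 + 32:
            return "tampered"
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        # Authenticate first, so unauthenticated bytes never influence state.
        if not hmac.compare_digest(tag, expected):
            return "tampered"
        (seq,) = struct.unpack(">Q", body[:8])
        # A sequence number that does not advance has been seen before.
        if seq <= self.last_seq:
            return "replayed"
        self.last_seq = seq
        return "applied"


def build_request(key: bytes, seq: int, config: bytes) -> bytes:
    """Sender side: sequence number || config || HMAC-SHA256 tag."""
    body = struct.pack(">Q", seq) + config
    return body + hmac.new(key, body, hashlib.sha256).digest()


def demo() -> list:
    receiver = ConfigReceiver()
    key1 = os.urandom(16)  # stands in for the per-transaction DH-derived key
    first = build_request(key1, 1, b"constructed-config: ip=192.0.2.10")
    results = [receiver.accept(key1, first)]            # fresh request
    results.append(receiver.accept(key1, first))        # same bytes sent again
    flipped = first[:10] + bytes([first[10] ^ 1]) + first[11:]
    results.append(receiver.accept(key1, flipped))      # modified in transit
    key2 = os.urandom(16)  # the next transaction gets a new key
    results.append(receiver.accept(key2, first))        # old request, new key
    second = build_request(key2, 2, b"constructed-config: ip=192.0.2.11")
    results.append(receiver.accept(key2, second))
    return results
```

Calling demo() shows the old request failing twice: once on the sequence number within the same transaction, and once on authentication after the key has changed.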