Technical White Paper

Understanding OpenManage Mobile (OMM) and Quick Sync Security (PowerEdge 14th Gen servers and MX Chassis)

Abstract

This technical white paper helps you understand mobile management security features and optimize your environment for maximum security on Dell EMC PowerEdge servers.
OpenManage Mobile at-the-server and at-the-chassis security

Revisions

Date          Description
March 2016    Initial release
June 2017     Revised for Quick Sync 2, OMM 2.0
Aug 2018      Added security for MX Chassis
Feb 2019      Revisions for VNC clients and MX Chassis
Oct 2019      Added more details of certificate verification in OMM 3.
Executive summary

Dell OpenManage Mobile (OMM) enables monitoring, provisioning, and troubleshooting of Dell PowerEdge servers as well as MX7000 chassis and associated sleds. In 2014, Dell EMC pioneered wireless at-the-server management with the NFC-based Quick Sync bezel. The latest generation of servers from Dell EMC supports the Quick Sync 2 module, which enables higher-bandwidth Bluetooth Low Energy (BLE) and Wi-Fi connections.
1 OpenManage Mobile at-the-server and at-the-chassis security

OpenManage Mobile (OMM) can:

• Communicate directly with an iDRAC while at-the-server by using the Quick Sync 2 module and Quick Sync bezel technology. It can also communicate with MX7000 chassis using Quick Sync 2 module.
• Read server or MX chassis health, inventory, and configuration information including the Lifecycle Controller logs.
that the unique iDRAC MAC address be supplied. Therefore, each out-of-the-box Quick Sync 2 connection is authenticated with system-specific information. When connecting to servers by using Quick Sync 2, each server is identified by an X.509-format PKI certificate identical to that used by the iDRAC web server or auto-discovery feature. Also, the Service Tag of each system is displayed while connecting.
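Because the certificate seen over Quick Sync 2 is the same one the iDRAC web server uses, an administrator can compare it against a fingerprint recorded in advance for each Service Tag. The following is an added example, not Dell EMC code: the function names, the Service Tag values and the placeholder certificate bytes are assumptions constructed for illustration, and it presumes the web server certificates were exported beforehand.

```python
import base64
import hashlib
import hmac
import ssl

def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, so PEM line wrapping cannot change the result."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def build_pins(web_server_certs: dict) -> dict:
    """Map Service Tag -> fingerprint of the certificate the iDRAC web server presents."""
    return {tag.strip().upper(): fingerprint(pem) for tag, pem in web_server_certs.items()}

def check_quick_sync_identity(pins: dict, service_tag: str, presented_pem: str) -> str:
    """Compare the certificate seen over Quick Sync 2 with the pinned one."""
    expected = pins.get(service_tag.strip().upper())
    if expected is None:
        return "unknown-service-tag"   # never exported: do not trust by default
    if hmac.compare_digest(expected, fingerprint(presented_pem)):
        return "match"
    return "mismatch"                  # different certificate for a known Service Tag

# Constructed sample data: placeholder bytes, not parseable certificates.
DER_A = b"constructed-placeholder-cert-A" * 4
DER_B = b"constructed-placeholder-cert-B" * 4
PINS = build_pins({"ABC1234": ssl.DER_cert_to_PEM_cert(DER_A)})

# Same DER as DER_A, but with the base64 body on a single unwrapped line.
REWRAPPED_A = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DER_A).decode()
               + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    samples = [("abc1234", REWRAPPED_A),
               ("ABC1234", ssl.DER_cert_to_PEM_cert(DER_B)),
               ("ZZZ9999", REWRAPPED_A)]
    for tag, pem in samples:
        print(tag, check_quick_sync_identity(PINS, tag, pem))
```

Hashing the decoded DER rather than the PEM text means a re-wrapped copy of the same certificate still matches, while any change to the certificate itself is reported as a mismatch.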
2 OpenManage Mobile remote connection security

OpenManage Mobile retrieves data remotely from the Dell OpenManage Enterprise or OpenManage Essentials one-to-many systems management console, and iDRAC server management controllers. The information retrieved includes device inventory, health status information, alerts, log entries, and configuration information. OMM can configure servers by using an iDRAC connection.
any information that would personally identify an individual OMM user or information on customer networks, with the exception that the OMM client IP is logged temporarily for security purposes. The IP is not stored with analytics data and is discarded after a reasonable period of time.

2.2 Alert Push notification security

Alerts sent by using push notifications pass through several systems before reaching a mobile device.
2.3 Remote console security

OMM can start third-party remote console (VNC) applications based on the RFB protocol. OMM Android integrates with bVNC, while OMM iOS integrates with RealVNC and Remotix. When connecting to the latest generations of PowerEdge servers, these connections can be channeled over SSH by using standard iDRAC credentials. On iOS, this requires the paid Remotix app.
3 OpenManage Mobile on-device security

OMM stores a variety of information on the mobile device, such as credentials, host address information, and settings. When used with iDRAC Quick Sync, server health, inventory, and configuration information are also cached. To protect this information, data is encrypted with a device-specific key, such as an optional password.
A Technical support and resources

Dell.com/support is focused on meeting customer needs with proven services and support.

A.1 Related resources

Dell OpenManage Mobile v3.3 User's Guide (Android and iOS): https://www.dell.com/support/home/us/en/04/product-support/product/openmanage-mobile-v3.