Dell Security Management Server Virtual Quick Start and Installation Guide v10.2.13 November 2020 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2020 Dell Inc. All rights reserved.
Contents Chapter 1: Quick Start Guide.........................................................................................................5 Installation............................................................................................................................................................................. 5 Configuration.......................................................................................................................................................................
Chapter 5: Post-Installation Configuration.................................................................................. 31 Validate Manager Trust Chain Check............................................................................................................................31 Chapter 6: Management Console Administrator Tasks................................................................. 32 Assign Dell Administrator Role...........................................................................
1 Quick Start Guide This Quick Start Guide is for more experienced users, to get the Dell Server up and running fast. As a general rule, Dell recommends installing the Dell Server first, followed by installation of clients. For more detailed instructions, see the Security Management Server Virtual Installation Guide. For information about Dell Server prerequisites, see Security Management Server Virtual Prerequisites , Management Console Prerequisites, and Proxy Mode Prerequisites.
● ● ● ● ● ● ● ● Policy Based Encryption will be enabled with Common-Key encryption Computers with self-encrypting drives will be encrypted BitLocker Management is disabled Advanced Threat Prevention is disabled Threat Protection is disabled External media will not be encrypted Ports will not be managed by Port Control Devices with Full Disk Encryption installed will not be encrypted See the AdminHelp topic Manage Policies to navigate to Technology Groups and policy descriptions.
2 Detailed Installation Guide This Installation Guide is for less experienced users, to install and configure Security Management Server Virtual. As a general rule, Dell recommends installing the Security Management Server Virtual first, followed by installation of clients. For information on how to update an existing Security Management Server Virtual, see Update Security Management Server Virtual.
Virtualized Environments ● VMware Workstation 14.0 ○ ○ ○ ○ ○ 64-bit CPU required 8 GB RAM required 80 GB Hard Drive Space Host computer with at least two cores See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software&testConfig=17 for a complete list of supported Host Operating Systems ○ Hardware must conform to minimum VMware requirements ○ See https://kb.vmware.com/s/article/1003746 for more information ● VMware Workstation 14.
Virtualized Environments ○ ○ ○ ○ ○ ○ 64-bit x86 CPU required Host computer with at least two cores 8 GB RAM minimum required 80 GB Hard Drive Space An Operating System is not required See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software&testConfig=17 for a complete list of supported Host Operating Systems ○ Hardware must conform to minimum VMware requirements ○ See https://kb.vmware.com/s/article/1003746 for more information ● VMware ESXi 6.
If Internet Explorer is required to validate the Management Console, you must disable Internet Explorer Enhanced Security Configuration for the account type that corresponds to the logged-in administrator. Proxy Mode Hardware The following table details minimum hardware requirements. Processor Modern Dual-Core CPU (1.5 Ghz +) RAM 2 GB minimum dedicated RAM / 4 GB dedicated RAM recommended Free Disk Space 1.
Operating System ● Windows Server 2016 - Standard Edition - Datacenter Edition ● Windows Server 2012 R2 - Standard Edition - Datacenter Edition ● LDAP Repository - Active Directory 2008 R2 - Active Directory 2012 R2 - Active Directory 2016 Security Management Server Virtual Architecture Design The Encryption Enterprise and Endpoint Security Suite Enterprise solutions are highly scalable products, based on the number of endpoints targeted for encryption in your organization.
Download and Install OVA File At initial installation, Security Management Server Virtual is delivered as an OVA file, an Open Virtual Application used to deliver software that runs on a virtual machine. The OVA file is available at www.dell.
1. 2. 3. 4. Navigate to the Drivers and downloads page for the appropriate product listed above. Click Drivers & downloads. Select the appropriate VMware ESXi version. Download the appropriate bundle. To install the OVA file: Before you begin, ensure that all system and virtual environment Requirements are met. 1. Do one of the following: VMware In the Dell installation media, locate Security Management Server Virtual v10.x.x Build x.ova and double-click to import into VMware.
9. In Configure Hostname, use the backspace key to remove the default hostname. Enter a unique hostname and select OK. 10. In Configure Network Settings, choose either option below, then select OK. ● (Default) Use DHCP (IPv4) ● (Recommended) InUse DHCP, press the space bar to remove the X and manually enter these addresses, as applicable: Static IP Network Mask Default Gateway DNS Server 1 DNS Server 2 DNS Server 3 Either IPv6 or IPv4 can be selected for a static configuration. ● 11. 12. 13. 14. 15. 16.
Select option "a" or "b" below: a. To use an existing certificate that was purchased from a CA authority, select Import an existing certificate and click Next. b. To create a self-signed certificate, select Create a self signed certificate and import it to key store and click Next. At the Create Self-Signed Certificate dialog, enter the following information: Fully qualified computer name (example: computername.domain.
Name Description Message Broker Enterprise Server Bus Identity Server Handles domain authentication requests. Compatibility Server A service for managing the enterprise architecture. Security Server Provides the mechanism for controlling commands and communication with Active Directory. Compliance Reporter Provides an extensive view of the environment for auditing and compliance reporting. Core Server A service for managing the enterprise architecture.
NOTE: When using a static IP, you must create a host entry in the DNS server. Set DMZ Server Support This task can be completed at any time. It is not required to begin using Security Management Server Virtual. 1. From the Basic Configuration menu, select DMZ Server Support. 2. Use the space bar to enter an X in the Enable DMZ Server Support field 3. Enter the fully qualified domain name of the DMZ server and select OK.
NOTE: The version number may differ from the attached screen capture. 3. Select the desired action: ● Set Proxy Settings - Select this option to set the proxy settings for downloading updates. In the Configure Proxy Settings screen, press the space bar to enter an X in Use Proxy. Enter the HTTPS, and HTTP. If firewall authentication is required, press the space bar to enter an X in Authentication Required. Enter the user name and password, and select OK.
NOTE: The version number may differ from the attached screen capture. ● When selecting Install Updates, the Security Management Server Virtual queries the built-in, default Ubuntu repositories and dist.ddspproduction.com, Dell's custom repository containing application updates. NOTE: Dell queries dist.ddspproduction.com through port 443 and port 80 for all Ubuntu updates. Any available updates are downloaded. The proxy settings defined in Set Proxy are used for port 443 and port 80 connections for download.
NOTE: The version number may differ from the attached screen capture. Update Security Management Server Virtual (Disconnected Mode) 1. Dell recommends performing a regular backup. Before updating, ensure that the backup process has been functioning properly. See Backup and Restore. 2. Obtain the .deb file that contains the latest Dell Server update from Dell ProSupport. 3. Store the .deb file in the /var/opt/dell/dsmsv/ftp/files/updates folder on the secure FTP server of the Dell Server.
7. Select Yes to stop the Security Management Server Virtual's services. 8. The Debian package is verified and upgraded.
9. After the update completes, change the database password. NOTE: The version number may differ from the attached screen capture. Change User Passwords This task can be completed at any time. It is not required to begin using Security Management Server Virtual. You can change passwords for these users: ● delluser (Terminal administrator) - This user has access to the Dell Server terminal and its menus. ● dellconsole (shell access) - This user has Dell Server shell access.
Set up Secure File Transfer (SFTP) Users This task can be completed at any time. It is not required to begin using Security Management Server Virtual. 1. From the Basic Configuration menu, select SFTP. 2. In the SFTP screen, to add an SFTP user and define a password, press Enter or the down key in Status for the user. Pressing the space bar key offers the option update or delete an existing user. To disable an SFTP user, select Delete after selecting user and then selectYes on the SFTP confirmation screen .
Advanced Terminal Configuration Tasks Advanced configuration tasks are accessed from the Main Menu. Configure Log Rotation NOTE: The instructions below define log rotate for applications on the Dell Security Management Server Virtual that support log rotation. This task can be completed at any time. It is not required to begin using Security Management Server Virtual. Daily log rotation is enabled by default.
To store backups to an FTP server, the FTP client must support SFTP on port 22. According to backup requirements of the organization, backups can be downloaded in the following ways: ● Manually ● Through automated script ● Through the organization's approved backup solution To download backups using the organization's backup solution, obtain detailed instructions from your backup solution vendor. NOTE: The Dell Server is based on Linux Debian Ubuntu x64.
NOTE: Keep the export password because you will enter it when you import the certificate into Security Management Server Virtual. 2. On the FTP Server of the Dell Server, store the certificate to /certificates. 3. From the Advanced Configuration menu, select Server Certificates. 4. Select Import Existing Certificate. 5. Select a certificate file to be installed on the Dell Server. 6. When prompted, enter the certificate export password and select OK. 7. When the import is complete, select OK.
Enable Database Access This task can be completed at any time. It is not required to begin using Security Management Server Virtual. NOTE: Dell recommends that you enable database access only if necessary and disable after the necessity has been completed. 1. From the Advanced Configuration menu, select Database Access. 2. Use the space bar to enter an X in Enable Database Access and select OK. If the database password has not yet been configured, a prompt for the database password displays. 3.
● space bar progresses the logs by one page. Open the Command Line Interface To open the command line interface, in the Main Menu, select Launch Shell. To exit the command-line interface, type exit and press Enter. Generate a System Snapshot Log To generate a System Snapshot Log for Dell ProSupport, in the Main Menu, select Support Tools. 1. From the Support Tools menu, select Generate System Snapshot Log. 2. At the indication that the file is created, select OK.
3 Maintenance Remove unneeded Security Management Server Virtual backups. Only the ten most recent backups are retained. If disk partition space is at ten percent or less, no more backups are stored. If this condition occurs, you will receive an email notification that disk allocation space is low.
4 Troubleshooting If an error occurs, and you have configured email notifications, you will receive an email notification. Based on the information in the email notification, follow these steps: 1. Check applicable log files. 2. Restart services, as needed. It is a best practice to restart the services any time a settings change is made. 3. Generate a System Snapshot Log. 4. Contact Dell ProSupport. For more information, see Contact Dell ProSupport.
5 Post-Installation Configuration After installation, some components of your environment may need to be configured, based on the Dell Data Security solution used by your organization. After installing the Security Management Server Virtual, the following defaults should be modified: ● Change the back end server password at the following location: C:\Program Files\Dell\Enterprise Edition\Message Broker\conf\application.
6 Management Console Administrator Tasks Assign Dell Administrator Role 1. As a Security Management Server Virtual administrator, log in to the Management Console: https:// server.domain.com:8443/webui/ . The default credentials are superadmin/changeit. 2. In the left pane, click Populations > Domains. 3. Click a domain to add a user to. 4. On the Domain Detail page, click the Members tab. 5. Click Add User. 6.
To commit polices after installation or, later, after policy modifications are saved, follow these steps: 1. In the left pane, click Management > Commit. 2. In Comment, enter a description of the change. 3. Click Commit Policies.
7 Ports The following table describes each component and its function. Name Default Port Description Access Group Service TCP/ Manages various permissions and group access for various Dell Security products. 8006 NOTE: Port 8006 is not currently secured. Ensure this port is properly filtered through a firewall. This port is internal only. Compliance Reporter HTTP(S)/ 8084 Provides an extensive view of the environment for auditing and compliance reporting.
Name Default Port Description 1099 (closed) policy data during migrations. Processes data based on user groups. NOTE: Port 1099 should be filtered through a firewall. Dell suggests this port be internal only. Message Broker Service TCP/ 61616 (closed) and STOMP/ 61613 (closed or, if configured for DMZ, 61613 is open) Handles communication between services of the Dell Server. Stages policy information created by the Compatibility Server for Policy Proxy queuing.
Name Default Port Description global catalog. LDAP requests sent to port 3268 can be used to search for objects in the entire forest. However, only the attributes marked for replication to the global catalog can be returned. For example, a user's department could not be returned using port 3268 since this attribute is not replicated to the global catalog. Client Authentication HTTPS/ 8449 Allows client servers to authenticate against Dell Server.