OpenManage Mobile Best Practices

OME Engineering Team
David Warden
Sean Kim
February 2014

A Dell Best Practices
Revisions

Date            Description
February 2014   Initial release

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

© 2014 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.
Table of contents

Revisions
Executive Summary
1 Configuring Notification Alert Filter Settings
Executive Summary

OpenManage Mobile (OMM) provides a subset of Dell’s system monitoring and management capabilities on mobile devices. This document describes best practices for deploying OMM in an enterprise environment. It is assumed the reader has a basic understanding of OpenManage Mobile (OMM), OpenManage Essentials (OME), the Integrated Dell Remote Access Controller (iDRAC), and is also familiar with the OS on their mobile device.
1 Configuring Notification Alert Filter Settings

OpenManage Mobile allows a user monitoring OME servers to receive alert notifications on their phone. When the alert reaches the OpenManage Essentials server it gets pushed to the user’s mobile phone through the Google Cloud Messaging service. OME allows alerts to be filtered by severity, category, device/device group, date/time, and acknowledgement status. Pre-defined filters exist for each severity level.
All Alert View Filters that are seen in OME’s Alert portal are available as push notification subscription filters when the OME connection is initially created or edited in OMM. If administrators in your organization periodically rotate roles, it may be easier to reassign filters among administrators, rather than edit the filters.

To change alert filters in OMM:
1. Verify network connectivity between the mobile device and the OME management system exists (i.e., secure Wi-Fi or VPN).
2.
2 Mobile Device Security

It is recommended that OMM be used with a PIN to protect access to the OMM app, particularly if the device does not have a screen lock configured. OMM uses encryption to protect connection information including credentials. For maximum security, it is recommended that you encrypt your device and use a screen lock with strong security, such as a strong password or PIN and a screen lock timeout no longer than 15 minutes. It is also recommended that you do not use a "rooted" phone.
3 Configuring VPN Settings

It is highly recommended that your OME servers and iDRACs be protected by firewalls and only accessible to OMM through a secured Wi-Fi network or a Virtual Private Network. VPNs may be used with cellular or Wi-Fi connections.
Figure 3 Dell Venue 8 VPN Settings

To connect to the VPN:
1. Select the VPN from the VPN connection list.
2. Enter the Username and Password, if required.
3. Touch Connect.

OpenManage Mobile Best Practices | Revision 1.
4 Configuring Wireless Networks

Android also supports a number of wireless security protocols based on a passphrase or certificate which may vary by device. Protocols commonly include:

Common Android Wireless Security Protocols
- None
- WEP
- WPA/WPA2
- 802.1x EAP

Running a Wi-Fi network with no security or with WEP security is not recommended. Use of 802.1x EAP with MS_CHAPv2 secondary authentication is also not recommended due to security vulnerabilities in the protocol.
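
The following is an added example, not part of the Dell white paper: a small audit that flags saved Wi-Fi profiles matching the configurations section 4 advises against (no security, WEP, 802.1x EAP with MSCHAPv2). It assumes the profiles are available in wpa_supplicant.conf syntax, which the white paper does not specify; the sample networks are constructed.

```python
import re
# Constructed sample in wpa_supplicant.conf syntax; not from the white paper.
SAMPLE_CONF = """
network={
    ssid="lobby-guest"
    key_mgmt=NONE
}
network={
    ssid="legacy-lab"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-psk"
    key_mgmt=WPA-PSK
    psk="constructed example passphrase"
}
"""

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines() if "=" in ln)
        nets.append({k: v.strip('"') for k, v in pairs})
    return nets

def audit(net):
    """Return why section 4 advises against this network, or None."""
    key_mgmt = net.get("key_mgmt", "").upper().split()
    if "NONE" in key_mgmt:  # open network, or static WEP when a key is set
        return "WEP" if any(k.startswith("wep_key") for k in net) else "no security"
    if "WPA-EAP" in key_mgmt and "MSCHAPV2" in net.get("phase2", "").upper():
        return "802.1x EAP with MSCHAPv2"
    return None

def findings(text):
    """Map SSID -> reason for every network flagged by audit()."""
    flagged = ((n.get("ssid", "?"), audit(n)) for n in parse_networks(text))
    return {ssid: why for ssid, why in flagged if why}

if __name__ == "__main__":
    print(findings(SAMPLE_CONF))
```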
5 Configuring OME Proxy Settings

To support alert push notifications, OME requires outbound Internet access. For security, it is recommended that outbound Internet access be controlled via firewall or proxy authentication. If your organization uses a password authenticated proxy, it is recommended that a dedicated OME proxy account be created with a password that does not expire.
6 Power Control Requirements

To ensure successful completion of remote remediation power tasks using OMM, managed servers must meet protocol requirements. Some power tasks may not run successfully if these requirements are not met. Please refer to the Device Capability Matrix in the Managing Remote Tasks section in the OME Help documentation for more details. The following guidelines are recommended to ensure successful power task operations using OME and OMM.