Administrator Guide

Technical support and resources
ID 483
3.1.4 Trusted Platform Module Support
PowerEdge servers support three versions of the Trusted Platform Module (TPM):
o TPM 1.2 FIPS + Common Criteria + TCG certified (Nuvoton)
o TPM 2.0 FIPS + Common Criteria + TCG certified (Nuvoton)
o TPM 2.0 China (NationZ)
The TPM can be used to perform public key cryptographic functions, compute hash functions, generate, manage,
and securely store keys, and perform attestation. Intel Trusted Execution Technology (TXT) functionality and
the Microsoft Platform Assurance feature in Windows Server 2016 are also supported. The TPM can also be used to
enable the BitLocker™ hard drive encryption feature in Windows Server 2012 and 2016.
Attestation and remote attestation solutions can use the TPM to take measurements at boot time of a server's
hardware, hypervisor, BIOS, and operating system. These measurements are compared in a
cryptographically secure manner against base measurements that are stored in the TPM. If they are not identical,
the server identity may have been compromised, and system administrators can disable and disconnect the
server either locally or remotely.
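The measure-and-compare flow described above, as an added example that is not Dell EMC code: it models a single SHA-256 PCR in software and shows how one changed boot stage alters the final value. The stage names and byte strings are constructed sample data, and keeping the baseline as a value recorded from a trusted boot is an assumption of this sketch.

```python
import hashlib
import hmac

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def replay(components) -> bytes:
    """Fold an ordered boot chain into one PCR value, starting from all zeros."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def verify(components, baseline: bytes) -> bool:
    """Constant-time comparison of the replayed PCR against the base measurement."""
    return hmac.compare_digest(replay(components), baseline)


def first_divergence(observed, known_good):
    """Index of the first boot stage where the two chains differ, or None."""
    a = b = bytes(PCR_SIZE)
    for i, (x, y) in enumerate(zip(observed, known_good)):
        a, b = extend(a, x), extend(b, y)
        if a != b:
            return i
    if len(observed) != len(known_good):
        return min(len(observed), len(known_good))
    return None


# Constructed sample data: stand-ins for the measured boot stages.
GOOD_BOOT = [b"BIOS image A", b"bootloader A", b"hypervisor A", b"OS kernel A"]
TAMPERED_BOOT = [b"BIOS image A", b"bootloader B", b"hypervisor A", b"OS kernel A"]
BASELINE = replay(GOOD_BOOT)  # assumption: recorded once from a trusted boot

if __name__ == "__main__":
    for name, chain in (("good", GOOD_BOOT), ("tampered", TAMPERED_BOOT)):
        print(name, "match" if verify(chain, BASELINE) else "MISMATCH",
              "first differing stage:", first_divergence(chain, GOOD_BOOT))
```

Because each extend hashes over the previous PCR value, a change in an early stage propagates to the final value and cannot be undone by later measurements. A production verifier would take the PCR value from a signed TPM quote instead of recomputing it on the host being checked.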
Servers can be ordered with or without a TPM, but for many operating systems and other security provisions it
is becoming a standard.
The TPM is enabled through a BIOS option. It is a plug-in module solution: the planar has a connector for this
plug-in module.
3.1.5 Security Certifications
Dell EMC has received certifications for standards such as NIST FIPS 140-2 and Common Criteria EAL-4.
These certifications are for complying with US Department of Defense (DoD) and other governmental
requirements. The following certifications have been received for PowerEdge servers:
o Server platform: Common Criteria EAL4+ certified with Red Hat Enterprise Linux; these certifications are also
being used to support the partner CC certifications.
o iDRAC and CMC FIPS 140-2 Level 1 certification
o OpenManage Enterprise – Modular is EAL2+ certified.
o FIPS 140-2 and Common Criteria certification for TPM 1.2 & 2.0
3.2 User Access Security
Ensuring proper authentication and authorization is a key requirement of any modern access control policy.
The primary access interfaces for PowerEdge servers are the APIs, CLIs, and UI of the embedded
iDRAC. The preferred APIs and CLIs for automating server management are:
o iDRAC Restful API with Redfish
o RACADM CLI
o SELinux
Each of these interfaces provides robust credential security, such as a username and password transported
over an encrypted connection such as HTTPS. SSH authenticates a user by using a matching set of
cryptographic keys, eliminating the use of less-than-secure passwords. Older protocols, such as IPMI, are