advertisement
![Managing Security Settings. Dell V1.2, OpenManage Essentials v1.2 | Manualzz Managing Security Settings. Dell V1.2, OpenManage Essentials v1.2 | Manualzz](http://s3.manualzz.com/store/data/059233081_1-91e6771c71cfcf88a4ea91014218b539-360x466.png)
18
Managing Security Settings
Using Security Roles and Permissions
OpenManage Essentials provides security through role-based access control (RBAC), authentication, and encryption.
RBAC manages security by determining the operations run by persons in particular roles. Each user is assigned one or more roles, and each role is assigned one or more user privileges that are permitted to users in that role. With RBAC, security administration corresponds closely to an organization's structure.
OpenManage Essentials roles and associated permissions are as follows:
• OmeUsers have limited access and privileges and can perform read-only operations in OpenManage Essentials.
They can log in to the console, run discovery and inventory tasks, view settings, and acknowledge events. The
Windows Users group is a member of this group.
• OmeAdministrators have full access to all the operations within OpenManage Essentials. Windows
Administrators group is member of this group.
• OmeSiteAdministrators have full access to all the operations within OpenManage Essentials with the following privileges and restrictions:
– Can only create custom device groups under All Devices in the device tree. They can create remote or system update tasks on the custom device groups only after the custom device groups are assigned to them by the OmeAdministrators.
* Cannot edit custom device groups.
* Can delete custom device groups.
– Can create remote and system update tasks on only the device groups assigned to them by the
OmeAdministrators.
– Can only run and delete remote and system update tasks that they have created.
* Cannot edit remote tasks, including activating or deactivating the task schedule.
* Cannot clone remote or system update tasks.
* Can delete tasks they have created.
– Can delete devices.
– Cannot edit or target device queries.
– Cannot edit or access the Device Group Permissions portal.
– Cannot create remote and system update tasks based on a device query.
NOTE: Any changes made to the role or device group permissions of a user are effective only after the user logs out and logs in again.
• OmePowerUsers have the same privileges as OmeAdministraors except that they cannot edit preferences.
Microsoft Windows Authentication
For supported Windows operating systems, OpenManage Essentials authentication is based on the operating system's user authentication system using Windows NT LAN Manager (NTLM) modules to authenticate. For the network, this
175
underlying authentication system allows you to incorporate OpenManage Essentials security in an overall security scheme.
Assigning User Privileges
You do not have to assign user privileges to OpenManage Essentials users before installing OpenManage Essentials.
The following procedures provide step-by-step instructions for creating OpenManage Essentials users and assigning user privileges for Windows operating system.
NOTE: Log in with administrator privileges to perform these procedures.
NOTE: For questions about creating users and assigning user group privileges or for more detailed instructions, see the operating system documentation.
1.
From Windows desktop, click Start → All Programs → Administrative Tools → Computer Management.
2.
In the console tree, expand Local Users and Groups, and click Groups.
3.
Double-click either the OmeAdministrators, OMEPowerUsers, or OmeUsers group to add the new user.
4.
Click Add and type the user name that you are adding. Click Check Names to validate and then click OK.
New users can log on to OpenManage Essentials with the user privileges for their assigned group.
Using Custom SSL Certificates (Optional)
OpenManage Essentials default settings ensure that a secure communication is established within your environment.
However, some users may prefer to utilize their own SSL certificate for encryption.
To create a new domain certificate:
1.
Open Internet Information Services (IIS) Manager by clicking Start → All Programs → Administrative Tools →
Internet Information Services (IIS) Manager.
2.
Expand the <server name> and click Server Certificates → Sites.
3.
Click Create Domain Certificate and enter the required information.
NOTE: All systems display a certificate error until the domain administrator has published the certificate to the clients.
Configuring IIS Services
To use a custom SSL certificate, you must configure IIS Services on the system where OpenManage Essentials is installed.
1.
Open Internet Information Services (IIS) Manager by clicking Start → All Programs → Administrative Tools →
Internet Information Services (IIS) Manager.
2.
Expand the <server name> → Sites.
3.
Right-click DellSystemEssentials and select Edit Bindings.
4.
In Site Bindings, select the https binding and click Edit.
5.
In Edit Site Binding, from the SSL certificate drop-down list select your custom SSL certificate and click OK.
176
Supported Protocols and Ports in OpenManage Essentials
Supported Protocols and Ports on Management Stations
Port Number Protocol
21
25
162
1278
1279
1433
2606
2607
FTP
SMTP
SNMP
HTTP
Port Type
TCP
TCP
UDP
TCP
Proprietary TCP
Proprietary TCP
Proprietary TCP
HTTPS TCP
Maximum Encryption
Level
None
None
None
None
Direction
In/Out
In/Out
In
In/Out
None
None
None
128-bit SSL
In/Out
In/Out
In/Out
In/Out
Usage
Access ftp.dell.com.
Optional e-mail alert action.
Event reception through SNMP.
Web GUI; downloading packages to Dell Lifecycle Controller.
Scheduling tasks.
Optional remote SQL server access.
Network monitoring.
Web GUI.
Supported Protocols and Ports on Managed Nodes
Port
Number
Protocol
22
80
135
161
623
143
443
3389
SSH
HTTP
RPC
Port
Type
TCP
TCP
TCP
SNMP
RMCP
UDP
UDP
Proprietary TCP
Proprietary/
WSMAN
TCP
RDP TCP
Maximum
Encryption
Level
128 bit
None
None
None
None
None
None
128-bit SSL
Directi on
Usage
In/Out Contextual application launch—SSH client Remote software updates to Server Administrator—for systems supporting Linux operating systems
Performance monitoring in Linux systems.
In/Out Contextual application launch— PowerConnect console.
In/Out Event reception through CIM from Server
Administrator— for systems supporting Windows operating systems.
Remote software update transfer to Server
Administrator—for systems supporting Windows operating systems Remote Command Line— for systems supporting Windows operating systems.
In/Out SNMP query management.
In/Out IPMI access through LAN.
In/Out Optional remote SQL server access.
In/Out EMC storage, iDRAC6, and iDRAC7 discovery and inventory.
In/Out Contextual application launch—Remote desktop to
Windows terminal services.
177
Port
Number
6389
Protocol Port
Type
Proprietary TCP
Maximum
Encryption
Level
None
Directi on
Usage
In/out Enables communication between a host system
(through NaviCLI/NaviSec CLI or Navisphere host agent) and a Navisphere Array Agent on a Storage system.
178
advertisement
Related manuals
advertisement
Table of contents
- 3 Dell OpenManage Essentials Version 1.2 User's Guide
- 13 About OpenManage Essentials
- 13 What is New in This Release
- 14 Other Information You May Need
- 14 Contacting Dell
- 15 Installing OpenManage Essentials
- 15 Installation Prerequisites and Minimum Requirements
- 15 Minimum Recommended Hardware
- 16 Minimum Requirements
- 16 Downloading OpenManage Essentials
- 16 Terms and Conditions for Using Relational Database Management Systems
- 17 Database Size, Network Bandwidth, and Scalability
- 17 Minimum Login Roles for Microsoft SQL Server
- 18 Installing OpenManage Essentials
- 19 Custom Setup Installation
- 19 Considerations When Installing OpenManage Essentials on a Domain Controller
- 20 Setting Up OpenManage Essentials Database on a Remote SQL Server
- 20 Installing Repository Manager
- 21 Uninstalling OpenManage Essentials
- 21 Upgrading to OpenManage Essentials Version 1.2
- 22 Setting Up and Configuring VMware ESXi 5
- 22 Migrating IT Assistant to OpenManage Essentials
- 25 Getting Started With OpenManage Essentials
- 25 Logging On to OpenManage Essentials
- 25 Configuring OpenManage Essentials
- 26 Using the OpenManage Essentials Home Portal
- 27 OpenManage Essentials Heading Banner
- 27 Customizing Portals
- 28 Displaying Additional Available Reports and Graphs
- 29 Drilling Down Charts and Reports for More Information
- 29 Saving and Loading the Portal Layout
- 29 Updating the Portal Data
- 29 Hiding Graphs and Reports Components
- 30 Rearranging or Resizing Graphs and Reports (Components)
- 30 Filtering Data
- 30 Search Bar
- 31 Search Items
- 31 Search Drop-Down List
- 31 Selection Actions
- 32 Map View (Home) Portal
- 32 Viewing the User Information
- 32 Logging On As a Different User
- 33 Using the Update Available Notification Icon
- 33 Using the Warranty Scoreboard Notification Icon
- 35 OpenManage Essentials Home Portal — Reference
- 35 Dashboard
- 35 Home Portal Reports
- 36 Device by Status
- 36 Alerts by Severity
- 36 Discovered Versus Inventoried Devices
- 37 Task Status
- 37 Schedule View
- 38 Schedule View Settings
- 38 Device Warranty Report
- 39 Map View (Home) Portal Interface
- 41 Discovering and Inventorying Devices
- 41 Supported Devices, Protocols, and Features Matrix
- 43 Supported Operating Systems (Servers), Protocols, and Features Matrix
- 44 Supported Storage Devices, Protocols, and Features Matrix
- 45 Legend and Definitions
- 46 Using the Discovery and Inventory Portal
- 46 Protocol Support Matrix for Discovery
- 48 Protocol Support Matrix for System Update
- 48 Configuring a Discovery and Inventory Task
- 49 Changing the Default SNMP Port
- 50 Discovering and Inventorying Dell Devices Using WS-Man Protocol With a Root Certificate
- 51 Excluding Ranges
- 51 Viewing Configured Discovery and Inventory Ranges
- 52 Scheduling Discovery
- 52 Discovery Speed Slider Bar
- 52 Multithreading
- 53 Scheduling Inventory
- 53 Configuring Status Polling Frequency
- 55 Discovery And Inventory — Reference
- 55 Discovery and Inventory Portal Page Options
- 55 Discovery and Inventory Portal
- 56 Last Discovery and Inventory
- 56 Discovered Versus Inventoried Devices
- 57 Task Status
- 57 Viewing Device Summary
- 57 Viewing Device Summary Filter Options
- 58 Add Discovery Range / Add Discovery Range Group
- 58 Discovery Configuration
- 58 Discovery Configuration Options
- 60 ICMP Configuration
- 60 ICMP Configuration Options
- 60 SNMP Configuration
- 60 SNMP Configuration Options
- 61 WMI Configuration
- 61 WMI Configuration Options
- 61 Storage Configuration
- 61 Storage Configuration Options
- 62 WS-Man Configuration
- 62 WS-Man Configuration Options
- 62 SSH Configuration
- 62 SSH Configuration Options
- 63 IPMI Configuration
- 63 IPMI Configuration Options
- 63 Discovery Range Action
- 64 Summary
- 64 Add Exclude Range
- 64 Add Exclude Range Options
- 64 Configuration
- 65 Discovery Schedule
- 66 Inventory Schedule
- 67 Status Schedule
- 69 Managing Devices
- 69 Viewing Devices
- 69 Device Summary Page
- 71 Nodes and Symbols Description
- 71 Device Details
- 72 Viewing Device Inventory
- 72 Viewing Alerts Summary
- 72 Viewing System Event Logs
- 72 Searching for Devices
- 73 Creating a New Group
- 73 Adding Devices to a New Group
- 74 Adding Devices to an Existing Group
- 74 Hiding a Group
- 74 Deleting a Group
- 74 Single Sign-On
- 75 Creating a Custom URL
- 75 Launching the Custom URL
- 75 Configuring Warranty Email Notifications
- 76 Configuring Warranty Scoreboard Notifications
- 76 Using Map View
- 78 Map Providers
- 79 Configuring Map Settings
- 79 General Navigation and Zooming
- 80 Home View
- 80 Tool Tip
- 80 Selecting a Device on Map View
- 81 Health and Connection Status
- 81 Multiple Devices at the Same Location
- 82 Setting a Home View
- 82 Viewing All Map Locations
- 82 Adding a Device to the Map
- 83 Moving a Device Location Using the Edit Location Details Option
- 83 Importing Licensed Devices
- 85 Using the Map View Search Bar
- 86 Removing All Map Locations
- 87 Editing a Map Location
- 87 Removing a Map Location
- 87 Exporting All Device Locations
- 89 Devices — Reference
- 89 Viewing Inventory
- 90 Viewing Alerts
- 90 Viewing Hardware Logs
- 90 Hardware Log Details
- 90 Alert Filters
- 91 Viewing Non-Compliant Systems
- 91 Non-Compliant Systems
- 92 Device Search
- 92 Query Results
- 93 Creating Device Group
- 93 Device Group Configuration
- 93 Device Selection
- 94 Summary — Group Configuration
- 94 Map View (Devices) Tab Interface
- 95 Devices at this location
- 95 Map Settings
- 97 Viewing Inventory Reports
- 97 Choosing Predefined Reports
- 97 Predefined Reports
- 98 Filtering Report Data
- 99 Exporting Reports
- 101 Reports — Reference
- 102 Agent and Alert Summary
- 102 Agent Summary
- 102 Alerts per Device
- 102 Top Alert Generators
- 102 Server Overview
- 103 Server Components and Versions
- 103 Asset Acquisition Information
- 104 Asset Maintenance Information
- 105 Asset Support Information
- 106 Hard Drive Information
- 106 ESX Information
- 107 HyperV Information
- 107 Field Replaceable Unit (FRU) Information
- 107 License Information
- 108 Memory Information
- 108 Modular Enclosure Information
- 109 NIC Information
- 109 PCI Device Information
- 109 Storage Controllers Information
- 110 Warranty Information
- 111 Viewing Warranty Reports
- 111 Extending Warranty
- 113 Managing Alerts
- 113 Viewing Alerts and Alert Categories
- 113 Viewing Alert Logs
- 113 Understanding the Alert Types
- 114 Viewing Internal Alerts
- 114 Viewing Alert Categories
- 114 Viewing Alert Source Details
- 114 Viewing Previously Configured Alert Actions
- 114 Viewing Application Launch Alert Action
- 115 Viewing E-Mail Alert Action
- 115 Viewing Alert Ignore Action
- 115 Viewing Alert Trap Forward Action
- 115 Handling Alerts
- 115 Flagging an Alert
- 115 Creating and Editing a New View
- 116 Configuring Alert Actions
- 116 Setting Up E-mail Notification
- 117 Ignoring Alerts
- 117 Running a Custom Script
- 118 Forwarding Alerts
- 118 Forwarding Alerts Use Case Scenarios
- 119 Working With Sample Alert Action Use Cases
- 119 Use Cases in Alert Actions
- 120 Configuring Alert Log Settings
- 120 Renaming Alert Categories and Alert Sources
- 121 Alerts — Reference
- 121 Alert Logs
- 122 Predefined Alert View Filters
- 122 Alert Logs Fields
- 123 Alert Details
- 123 Alert Log Settings
- 123 Alert View Filters
- 123 Alert Filter Name
- 124 Severity
- 124 Acknowledgement
- 124 Summary — Alert View Filter
- 125 Alert Actions
- 125 Name and Description
- 126 Severity Association
- 126 Application Launch Configuration
- 127 E-Mail Configuration
- 128 Trap Forwarding
- 128 Category and Sources Association
- 128 Device Association
- 129 Date and Time Range
- 130 Alert Action - Duplicate Alert Correlation
- 130 Summary- Alert Action Details
- 131 Alert Categories
- 131 Alert Categories Options
- 133 Alert Source
- 135 Updating Server BIOS, Firmware, Drivers, and Applications
- 135 Viewing the System Update Page
- 136 Understanding Server BIOS Firmware and Drivers Sources
- 136 Choosing the Right Source for Updates
- 136 Selecting an Update Catalog Source
- 137 Viewing Comparison Results
- 137 Viewing Compliant Servers
- 137 Viewing Non-Compliant Servers
- 137 Viewing Non-Inventoried Servers
- 137 Viewing Servers With Issues and Resolutions
- 137 System Update Use Case Scenarios
- 139 Applying System Updates
- 140 Viewing Updated Status
- 140 View Active Catalog
- 141 Issues and Resolutions Use Case Scenarios
- 143 System Update — Reference
- 143 Filter Options
- 144 System Update
- 144 Compliance Report
- 146 Compliant Systems
- 146 Non-Compliant Systems
- 147 System Update Task
- 147 Non-Inventoried Systems
- 148 Inventory Systems
- 148 All System Update Tasks
- 148 Issues and Resolutions
- 148 Task Execution History
- 149 Select a Catalog Source
- 149 Dell Update Package
- 150 Dell OpenManage Server Update Utility
- 150 Repository Manager
- 150 View Active Catalog
- 151 Managing Remote Tasks
- 151 About Remote Tasks
- 151 Managing Command Line Task
- 152 Managing RACADM Command Line Tasks
- 153 Managing Generic Command Line Task
- 154 Managing Server Power Options
- 154 Deploying Server Administrator
- 156 Supported Windows and Linux Packages
- 156 Arguments
- 157 Working With Sample Remote Tasks Use Cases
- 157 Use Cases in Remote Tasks
- 158 Device Capability Matrix
- 161 Remote Tasks — Reference
- 161 Remote Tasks Home
- 162 Remote Tasks
- 162 All Tasks
- 163 Task Execution History
- 163 Server Power Options
- 165 Deploy Server Administrator Task
- 166 Command Line Task
- 167 Remote Server Administrator Command
- 169 Generic Command
- 170 IPMI Command
- 172 RACADM Command Line
- 175 Managing Security Settings
- 175 Using Security Roles and Permissions
- 175 Microsoft Windows Authentication
- 176 Assigning User Privileges
- 176 Using Custom SSL Certificates (Optional)
- 176 Configuring IIS Services
- 177 Supported Protocols and Ports in OpenManage Essentials
- 177 Supported Protocols and Ports on Management Stations
- 177 Supported Protocols and Ports on Managed Nodes
- 179 Troubleshooting
- 179 OpenManage Essentials Troubleshooting Tool
- 179 Troubleshooting Procedures
- 179 Troubleshooting Inventory
- 180 Troubleshooting Device Discovery
- 181 Troubleshooting Receiving SNMP Traps
- 181 Troubleshooting Discovery of Windows Server 2008–Based Servers
- 181 Troubleshooting SNMP Traps for ESX or ESXi Versions 3.5, 4.x, or 5.0
- 181 Troubleshooting Problems With Microsoft Internet Explorer
- 182 Troubleshooting Map View
- 185 Frequently Asked Questions
- 185 Installation
- 185 Upgrade
- 186 Tasks
- 186 Optional Command Line Settings
- 187 Customization Parameters
- 188 MSI Return Code
- 189 E-mail Alert Action
- 189 Discovery
- 190 Inventory
- 190 System Update
- 191 Device Group Permissions
- 191 Device Group Permissions Portal
- 192 Remote and System Update Tasks
- 192 Custom Device Groups
- 193 Logs
- 193 Log Levels
- 194 Troubleshooting
- 195 Managing Device Group Permissions
- 195 Adding Users to the OmeSiteAdministrators Role
- 196 Assigning Device Groups to a User
- 197 Removing Users From the OmeSiteAdministrators Role
- 199 Preferences — Reference
- 199 Console Settings
- 200 Email Settings
- 201 Alert Settings
- 201 Custom URL Settings
- 201 Warranty Notification Settings
- 202 Device Group Permissions
- 202 Common Tasks
- 203 Manage Device Group Permissions
- 203 Device Groups for Tasks and Patch Targeting
- 205 Logs — Reference
- 205 User Interface Logs
- 206 Application Logs
- 207 Extensions
- 209 Right-Click Actions
- 209 Schedule View
- 209 Device Status
- 210 Discovery Range Summary
- 210 Managing Include Ranges
- 210 View Filters
- 211 Alerts
- 211 Remote Tasks
- 211 Custom URL
- 211 System Update Tasks
- 213 Tutorials
- 215 Using OpenManage Essentials Command Line Interface
- 215 Launching the OpenManage Essentials Command Line Interface
- 215 Creating a Discovery Profile Input File
- 216 Specifying IPs, Ranges, or Host names Using XML or CSV Files
- 217 Specifying Input Files in PowerShell
- 217 Command Line Interface Commands
- 217 Creating a Discovery Range
- 218 Removing a Discovery Range
- 218 Creating a Discovery Range Group
- 218 Removing a Discovery Range Group
- 218 Editing a Discovery Range
- 219 Editing a Discovery Range Group
- 219 Enabling a Discovery Range or Discovery Range Group
- 220 Disabling a Discovery Range or Discovery Range Group
- 220 Creating a Discovery Exclude Range
- 220 Removing a Discovery Exclude Range
- 221 Running Discovery, Inventory, and Status Polling Tasks
- 221 Removing a Device
- 222 Retrieving the Status Execution Progress of a Discovery Range
- 222 Stopping a Running Discovery Range or Group
- 222 Creating a Custom Device Group
- 223 Adding Devices to a Custom Group
- 223 Deleting a Group