DELL OpenManage Enterprise Appliance Software User Guide
- June 4, 2024
- Dell
Table of Contents
DELL OpenManage Enterprise Appliance Software User Guide
The built-in network share
OpenManage Enterprise is a Linux-based systems management appliance delivered in a virtual machine format with a built-in CIFS share (in releases prior to OME 3.8). Some customers have reported that having a Samba server running in the virtual appliance caused some of their security policy scans to raise minor warnings. While these warnings can be safely ignored with additional explanation as the share is secure and is available only to systems targeted by applicable jobs, a better customer experience is provided with OME 3.8. Now, customers can choose HTTPS over CIFS for the built-in network share.
Configuring the built-in network share
Administrators can configure the protocol used for supporting the built-in network share from the “Application Settings” / “Console Preferences” page. This has a section for the built-in appliance share.
Screen 1: Built-in Appliance share configuration
By default, the built-in appliance share uses the CIFS protocol, and the minimum protocol version is version 2.
Administrator users can change the protocol to HTTPS, if desired. Doing so, shuts down the Samba server running in OME and switches the protocol used for the built-in network share to HTTPS. A port scan on OME, will not show the Samba server as active and listening for connections.
Other configuration for the built-in appliance share remains as-is, regardless of protocol used. The built-in network share is password protected, and a random password is generated for the appliance share by a builtin password rotation task. The credentials to accessing the share are communicated with the devices that are targets for specific jobs.
Note: Switching to HTTPS will require an update of the UMP plugin on OME installations as the existing UMP 1.0 / UMP 1.1 does not handle HTTPS shares. Since UMP 1.0 / 1.1 functionality is only affected when the administrator chooses to use HTTPS share, any installed UMP plugin version (1.0 or 1.1) will not be disabled on upgrade to OME 3.8.
Operations requiring network share access and implications
OME-Device operations that require network share access are:
- Firmware and Driver Update
- Template Extraction and Profile Deployment (In iDRAC terms, SCP extraction and deployment).
- Tech Support Report (Download)
- Diagnostic Report (Download)
OME device support matrix consists of YX2X – YX5X (12G-15G) servers, with 12G servers running 13G FW.
The table below identifies if the operation can be supported for servers, and the minimum FW version required to support it.
| Use case / Operation | YX2X / YX5X | YX4X and up |
|---|---|---|
| FW Update | Supported via: |
HTTP(S) URI
2.70.70.70| Supported via:
HTTP(S) URI
3.00.00.00
Driver Update| DSU 1.9.1| DSU 1.9.1
SCP (Template capture, deploy, config inventory,
remediation)| 2.70.70.70| 3.00.00.00
TSR export| N/A| 3.21.21.21
Remote diagnostics| N/A| 3.00.00.00
Table 1: Operations requiring network share access and supported FW levels
- Windows Driver update is affected using the DSU / DUEC / IC (D3 deliverables) that OME carries. DSU 1.9.1 offers HTTPS support.
- Template extraction and Profile Deployment are supported on chassis and IOAs. NPS chassis does not support HTTPS and works only with NFS or CIFS shares. NGM supports HTTPS / NFS / CIFS shares.
If the administrator chooses “HTTPS” for the built-in appliance share, an operation in the table above will work contingent on device type and FW (or utility) version >= the minimum required.
For example, if the administrator has chosen “HTTPS” for built-in appliance share and wants to update the FW on a server.
- The operation will be successful if the current FW level on the server is 2.70.70.70 or above.
- If the current FW level on the server is below 2.70.70.70, FW update will not succeed, and the error message will clearly indicate that the operation could not proceed as the current FW level does not have support for HTTPS share access.
- If update operation included both FW and Windows drivers, and the FW level of the server was < 2.70.70.70, but it still had DSU 1.9.1 installed, Windows Driver update would succeed on the server, but FW update will fail on that system.
When an operation / workflow fails due to the FW version or installed utility version rendering the device incapable to perform the operation correctly, that error is messaged appropriately in the Task Execution History Detail.
Best practice use
It is expected that changing the built-in appliance share type is an
infrequent operation. Typically, administrators are expected to make this
configuration change on first deploying the appliance, or after having
upgraded the appliance to OME 3.8. Thereafter they are expected the use the
appliance for normal management or monitoring functions. While OME has been
tested for multiple toggles of the appliance share type, standard use
expectation is very infrequent.
Technical support and resources
Dell.com/support is focused on meeting customer needs with proven services and support.
Related resources
https://developer.dell.com/products/servers/openmanage-enterprise for the OpenManage Enterprise API Guide.
Abstract
Learn how to configure the OpenManage Enterprise appliance to use HTTPS or
CIFS for the Appliance Share and associated benefits.
November 2021
Revisions
| Date | Description |
|---|---|
| November 2021 | Initial release |
Acknowledgments
Author: Pushkala Iyer
Support: OpenManage Enterprise Product Development
Other:
The information in this publication is provided “as is.” Dell Inc. makes no
representations or warranties of any kind with respect to the information in
this publication, and specifically disclaims implied warranties of
merchantability or fitness for a particular purpose.
Use, copying, and distribution of any software described in this publication
requires an applicable software license.
This document may contain certain words that are not consistent with Dell’s current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly.
This document may contain language from third party content that is not under Dell’s control and is not consistent with Dell’s current guidelines for Dell’s own content. When such thirdparty content is updated by the relevant third parties, this document will be revised accordingly.
Copyright © 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [11/17/2021] [Deployment and Configuration] [Document ID]
Executive summary
OpenManage Enterprise has supported a built-in network share from its early releases. This negates the need for an administrator to setup and configure external network shares for administrative functions such as firmware updates or template deployments. This Deployment & Configuration guide educates the user on how to choose HTTPS over CIFS for the built-in network share to overcome security notifications.
References
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>