DELL OpenManage Enterprise Appliance Software User Guide

DELL OpenManage Enterprise Appliance Software User Guide

The built-in network share

OpenManage Enterprise is a Linux-based systems management appliance delivered in a virtual machine format with a built-in CIFS share (in releases prior to OME 3.8). Some customers have reported that having a Samba server running in the virtual appliance caused some of their security policy scans to raise minor warnings. While these warnings can be safely ignored with additional explanation as the share is secure and is available only to systems targeted by applicable jobs, a better customer experience is provided with OME 3.8. Now, customers can choose HTTPS over CIFS for the built-in network share.

Configuring the built-in network share

Administrators can configure the protocol used for supporting the built-in network share from the “Application Settings” / “Console Preferences” page. This has a section for the built-in appliance share.

Screen 1: Built-in Appliance share configuration

By default, the built-in appliance share uses the CIFS protocol, and the minimum protocol version is version 2.

Administrator users can change the protocol to HTTPS, if desired. Doing so, shuts down the Samba server running in OME and switches the protocol used for the built-in network share to HTTPS. A port scan on OME, will not show the Samba server as active and listening for connections.

Other configuration for the built-in appliance share remains as-is, regardless of protocol used. The built-in network share is password protected, and a random password is generated for the appliance share by a builtin password rotation task. The credentials to accessing the share are communicated with the devices that are targets for specific jobs.

Note: Switching to HTTPS will require an update of the UMP plugin on OME installations as the existing UMP 1.0 / UMP 1.1 does not handle HTTPS shares. Since UMP 1.0 / 1.1 functionality is only affected when the administrator chooses to use HTTPS share, any installed UMP plugin version (1.0 or 1.1) will not be disabled on upgrade to OME 3.8.

Operations requiring network share access and implications

OME-Device operations that require network share access are:

• Firmware and Driver Update
• Template Extraction and Profile Deployment (In iDRAC terms, SCP extraction and deployment).
• Tech Support Report (Download)
• Diagnostic Report (Download)

OME device support matrix consists of YX2X – YX5X (12G-15G) servers, with 12G servers running 13G FW.

The table below identifies if the operation can be supported for servers, and the minimum FW version required to support it.

HTTP(S) URI
2.70.70.70| Supported via:
HTTP(S) URI
3.00.00.00
Driver Update| DSU 1.9.1| DSU 1.9.1
SCP (Template capture, deploy, config inventory,
remediation)| 2.70.70.70| 3.00.00.00
TSR export| N/A| 3.21.21.21
Remote diagnostics| N/A| 3.00.00.00

Table 1: Operations requiring network share access and supported FW levels

• Windows Driver update is affected using the DSU / DUEC / IC (D3 deliverables) that OME carries. DSU 1.9.1 offers HTTPS support.
• Template extraction and Profile Deployment are supported on chassis and IOAs. NPS chassis does not support HTTPS and works only with NFS or CIFS shares. NGM supports HTTPS / NFS / CIFS shares.

If the administrator chooses “HTTPS” for the built-in appliance share, an operation in the table above will work contingent on device type and FW (or utility) version >= the minimum required.

For example, if the administrator has chosen “HTTPS” for built-in appliance share and wants to update the FW on a server.

• The operation will be successful if the current FW level on the server is 2.70.70.70 or above.
• If the current FW level on the server is below 2.70.70.70, FW update will not succeed, and the error message will clearly indicate that the operation could not proceed as the current FW level does not have support for HTTPS share access.
• If update operation included both FW and Windows drivers, and the FW level of the server was < 2.70.70.70, but it still had DSU 1.9.1 installed, Windows Driver update would succeed on the server, but FW update will fail on that system.

When an operation / workflow fails due to the FW version or installed utility version rendering the device incapable to perform the operation correctly, that error is messaged appropriately in the Task Execution History Detail.

Best practice use

It is expected that changing the built-in appliance share type is an infrequent operation. Typically, administrators are expected to make this configuration change on first deploying the appliance, or after having
upgraded the appliance to OME 3.8. Thereafter they are expected the use the appliance for normal management or monitoring functions. While OME has been tested for multiple toggles of the appliance share type, standard use expectation is very infrequent.

Technical support and resources

Dell.com/support is focused on meeting customer needs with proven services and support.

Related resources

https://developer.dell.com/products/servers/openmanage-enterprise for the OpenManage Enterprise API Guide.

Abstract

Learn how to configure the OpenManage Enterprise appliance to use HTTPS or CIFS for the Appliance Share and associated benefits.
November 2021

Revisions

Acknowledgments

Author: Pushkala Iyer
Support: OpenManage Enterprise Product Development
Other:

The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.
Use, copying, and distribution of any software described in this publication requires an applicable software license.

This document may contain certain words that are not consistent with Dell’s current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly.

This document may contain language from third party content that is not under Dell’s control and is not consistent with Dell’s current guidelines for Dell’s own content. When such thirdparty content is updated by the relevant third parties, this document will be revised accordingly.

Copyright © 2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [11/17/2021] [Deployment and Configuration] [Document ID]

Executive summary

OpenManage Enterprise has supported a built-in network share from its early releases. This negates the need for an administrator to setup and configure external network shares for administrative functions such as firmware updates or template deployments. This Deployment & Configuration guide educates the user on how to choose HTTPS over CIFS for the built-in network share to overcome security notifications.

References

• Support | Dell US
• Support | Dell US

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>