DELL V 3.4.3 Repository Manager User Guide
- June 10, 2024
- Dell
Dell Repository Manager version 3.4.3
Security Configuration Guide
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better
use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss
of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal
injury, or death.
PREFACE
As part of an effort to improve its product lines, Dell periodically releases
revisions of its software and hardware. Some functions that are described in
this document might not be supported by all versions of the software or
hardware currently in use. The product release notes provide the most up-to-
date information about product features.
Contact your Dell technical support professional if a product does not
function properly or does not function as described in this document. This
document was accurate at publication time. To ensure that you are using the
latest version of this document, go to https://www.dell.com/support.
Legacy disclaimers
The information in the publication is provided as-is. Dell Technologies makes
no representations or warranties of any kind regarding the information in the
publication, and specifically disclaims implied warranties of merchantability
or fitness for a particular purpose. In no event shall Dell Technologies, its
affiliates or suppliers, be liable for any damages whatsoever arising from or
related to the information contained herein or actions that you decide to take
based thereon, including any direct, indirect, incidental, consequential, loss
of business profits or special damages, even if Dell Technologies, its
affiliates or suppliers have been advised of the possibility of such damages.
The Security Configuration Guide is intended to be a reference. The guidance is
provided based on a diverse set of installed systems and may not represent the
actual risk/guidance to your local installation and individual environment. It
is recommended that all users determine the applicability of this information
to their individual environments and take appropriate actions. All aspects of
this Security Configuration Guide are subject to change without notice and on
a case-by-case basis. Your use of the information that is contained in this
document or materials that are linked herein is at your own risk. Dell
reserves the right to change or update this document in its sole discretion
and without notice at any time.
Scope of the document
This document includes information about security features and capabilities of
Dell Repository Manager (DRM).
Audience
This document is intended for individuals who are responsible for managing
security for Dell Repository Manager.
Revision History
The following table presents the revision history of this document.
Table 1. Revision History
Revision | Date | Description |
---|---|---|
A00 | Apr-22 | Initial release of the Dell Repository Manager 3.4.Security Guideline Document |
A00 | Jan-23 | Enhanced Access mode privileges on Windows Operating systems |
Document References
In addition to this guide, you can access the other guides available at
dell.com/support. Dell Repository Manager
supports creating artifacts to update services for Dell systems using Dell
System Update, Bootable ISO, and Server Update Utility Update. For
configuration-related information, see the DSU, Bootable ISO, and SUU User’s
Guide. For more information, see the Dell Repository Manager Software Support
Matrix. Go to the support site and click product support -> Dell Repository
Manager to access the following documents:
- Dell Repository Manager Version 3.4.3 User’s Guide
- Dell Repository Manager Version 3.4.3 Release Notes
- Dell Repository Manager Software Support Matrix
Security resources
- Dell Security Advisories (DSA) dell.com/support/security
- Support knowledge base (KB) articles at https://www.dell.com/support/kbdoc/en-us/000177083/support-for-dellrepository-manager-drm
Getting help
Contact your Dell technical support professional if a product does not
function properly or does not function as described in this document. This
document was accurate at publication time. To ensure that you are using the
latest version of this document, go to
dell.com/support
Reporting security vulnerabilities
Dell takes reports of potential security vulnerabilities in our products very
seriously. If you discover a security vulnerability, you are encouraged to
report it to Dell immediately. For the latest on how to report a security
issue to Dell, please see the Dell Vulnerability Response Policy on the
Dell.com site.
Topics:
- Terms used in this document
Terms used in this document
Table 2. Terms used in this document
Terminology | Description |
---|---|
DRM | Dell Repository Manager |
DUP | Dell Update Package |
SUU | Server Update Utility |
DSU | Dell System Update |
iDRAC | Integrated Dell Remote Access Controller |
OMEnt | OpenManage Enterprise |
OMIVV | OpenManage Integration for VMware vCenter |
OMIMSSC | OpenManage Integration for Microsoft System Center |
Deployment models
Dell Repository Manager can be installed on the supported Microsoft Windows
and Linux operating systems to generate the artifacts that can be used to
deploy and upgrade the system. For more information about the installation,
see Dell Repository Manager User’s Guide at dell.com/support.
Topics:
- Security profiles
Security profiles
DRM has a default security profile for secure HTTPS access with a self-signed
certificate during installations. The downloaded artifacts such as DUPs,
catalogs, and plugins are signed by Dell.
Product and subsystem security
Topics:
- Security controls map
- Authentication
- Login security settings
- User and credential management
- Password Complexity
- Network security
- Data security
- Auditing and logging
- Serviceability
- Product code integrity
Security controls map
The Dell Repository Manager (DRM) is an application within the Dell OpenManage
portfolio that allows IT Administrators to manage system updates. Dell
Repository Manager provides a searchable interface that is used to create
custom software collections, which are known as bundles and repositories of
Dell Update Packages (DUPs). These bundles and repositories allow for the
deployment of multiple firmware updates at once.
The DRM User Interface (UI) interacts with the DRM service through the HTTPS
protocol. Dell Repository Manager (DRM) interacts with downloads.dell.com to
download the DUPs, catalogs, and other artifacts such as plugins and DRM
updates through the HTTPS protocol. DRM interacts with various consoles such
as iDRAC and OME to collect inventory information over the HTTPS protocol.
This protocol is the only supported way to connect to the various consoles.
Also, DRM interacts with any network or file share through the CIFS or SMBv2
protocols.
The following figure displays the DRM security controls map:
As the diagram depicts, DRM interacts with downloads.dell.com through the
HTTPS protocol and with the network share through CIFS/SMBv2.
Authentication
Access control
The Dell Repository Manager functions as a service. On Linux, the service runs
with the least privileges as drmuser. On Windows, the service by default runs
with the same privileges as the LocalService account (if you installed or
upgraded DRM 3.4.3 or above with Restricted Access mode). The system
administrator can choose to run the DRM service with system-level privileges
during DRM installation on Windows.
NOTE: In CLI mode, the DRM logs are downloaded to a network share
location only if you have accessed that network share location on the system
before. If the network share location has not been accessed before, the DRM
logs cannot be downloaded.
NOTE: In GUI mode, if you download the DRM logs to a network share location
that has not been accessed before, DRM prompts you to log in with user
credentials the first time. After you have accessed the network share location
once to download the logs, DRM does not prompt for credentials, and the DRM
logs are downloaded to the same network share location.
Login security settings
Remote connection security
DRM uses an open-source library for remote connections over CIFS/SMBv2 and
does not log the credentials that are provided for those connections.
User and credential management
Dell Repository Manager stores all the user credentials in a database in an
encrypted format. The database is protected by a password that the user
provides during the installation. The password can be modified by an
administrator or a user with administrative privileges. All the traffic
between the User Interface (UI) and the service is carried over HTTPS.
Password Complexity
The DRM database password must contain at least eight characters, including at
least one uppercase letter, one lowercase letter, and one numeric character.
Network security
DRM supports only HTTPS connections to downloads.dell.com for downloading the
catalogs, DUPs, and plugins.
These artifacts are signed by Dell.
DRM performs SHA-256 hash verification and PGP signature verification for all
the downloaded artifacts.
Network exposure
DRM can only be accessed within the system and cannot be reached by any other
system over the network.
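One way to check this local-only exposure on a Linux host, as an added example that is not part of the Dell guide or DRM itself: the function reads `ss -H -tlnp` output and prints any listener of the named process that is not bound to a loopback address. The process name `java` and the sample ports and PIDs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Dell code. Lists TCP listeners owned by a given process
# that are bound to anything other than a loopback address.
# Input on stdin: lines as printed by `ss -H -tlnp` (Linux, iproute2).

non_loopback_listeners() {
    proc="$1"   # process name to audit; "java" in the sample is an assumption
    awk -v proc="$proc" '
        $1 == "LISTEN" && index($0, "(\"" proc "\",") {
            addr = $4                         # Local Address:Port column
            sub(/:[0-9*]+$/, "", addr)        # drop the port
            gsub(/^\[|\]$/, "", addr)         # drop IPv6 brackets
            sub(/%.*$/, "", addr)             # drop interface scope, e.g. %lo
            if (addr ~ /^127\./) next         # IPv4 loopback
            if (addr == "::1") next           # IPv6 loopback
            if (addr ~ /^::ffff:127\./) next  # IPv4-mapped loopback
            print $4                          # reachable from other hosts
        }'
}

# Constructed sample of `ss -H -tlnp` output; ports and PIDs are made up.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8443 0.0.0.0:* users:(("java",pid=2211,fd=88))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 50 [::ffff:127.0.0.1]:8404 *:* users:(("java",pid=2211,fd=91))
LISTEN 0 50 *:9443 *:* users:(("java",pid=2211,fd=93))
LISTEN 0 50 [::]:9080 [::]:* users:(("java",pid=2211,fd=95))
EOF
}

# Live use (as root, so that process names are visible):
#   ss -H -tlnp | non_loopback_listeners java
```

An empty result means every listener of that process is loopback-only; any printed address is a finding to investigate.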
Outbound ports
Outbound ports are used by Dell Repository Manager Update when connecting to a
remote system.
The table below lists the DRM outbound ports.
Table 3. Outbound ports
Port number | Layer 4 Protocol | Service |
---|---|---|
80 | TCP | HTTP |
139 or 445 | TCP | SMB/CIFS |
443 | TCP | HTTPS |
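The port table above can be enforced as an egress allowlist for the Linux service account. The following is an added example, not Dell-provided configuration: it generates an `iptables-restore` ruleset that limits traffic from `drmuser` to the TCP ports in Table 3. The chain name `DRM_EGRESS`, the loopback rule (for the local UI-to-service traffic), and the DNS rule are assumptions made here.

```shell
#!/bin/sh
# Added example, not Dell code. Prints an iptables-restore ruleset that limits
# outbound traffic from the DRM service account to the ports in Table 3.

drm_egress_rules() {
    user="${1:-drmuser}"          # Linux service account named in this guide
    ports="${2:-80,139,443,445}"  # TCP ports from Table 3

    # Refuse values that could smuggle extra options into the ruleset.
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "invalid user" >&2; return 2 ;;
    esac
    case "$ports" in
        ''|,*|*,|*,,*|*[!0-9,]*) echo "invalid port list" >&2; return 2 ;;
    esac

    cat <<EOF
*filter
:DRM_EGRESS - [0:0]
-A OUTPUT -m owner --uid-owner ${user} -j DRM_EGRESS
# Assumption: the UI reaches the service over loopback.
-A DRM_EGRESS -o lo -j ACCEPT
-A DRM_EGRESS -p tcp -m multiport --dports ${ports} -j ACCEPT
# Assumption: name resolution is needed; DNS is not listed in Table 3.
-A DRM_EGRESS -p udp --dport 53 -j ACCEPT
-A DRM_EGRESS -j REJECT
COMMIT
EOF
}

# Apply once, as root, without flushing existing rules:
#   drm_egress_rules | iptables-restore --noflush
```

Applying the ruleset a second time appends a duplicate jump from OUTPUT, so remove the earlier jump rule before re-applying.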
Data security
DRM stores all sensitive information, such as passwords, in databases in an
encrypted format. DRM uses certificates for secure HTTP access (HTTPS). DRM
installs a Java store and uses a self-signed certificate to secure HTTPS
transactions.
The DRM database is protected by a password that the user provides during
the installation phase. This password is stored in an encrypted format in a
file that is locked using another layer of password. The password that locks
the file is generated randomly and varies according to various system
parameters.
Auditing and logging
DRM creates logs and stores them in the working directory. The log files range
in size from 1 MB to 10 MB. For more information about troubleshooting or log
files, see the Dell Repository Manager User’s Guide available at
dell.com/support.
Serviceability
The support website https://www.dell.com/support provides access to
licensing information, product documentation, advisories, downloads, and
troubleshooting information. This information helps you to resolve a product
issue before you contact support team.
Special login is not required to enable DRM for service personnel.
Ensure that you install security patches and other updates when available,
including the Dell Repository Manager updates.
Product code integrity
The Dell Repository Manager installer is signed by Dell. It is recommended
that you verify the authenticity of the Dell Repository Manager installer
signature.
Miscellaneous configuration and management
Topics:
- Dell Repository Manager licensing
- Protect authenticity and integrity
Dell Repository Manager licensing
DRM has open-source approval for internal dependencies and is installed with
the application on the box. It can also be found at
https://opensource.dell.com/releases/drm/. For more information about
licensing of Dell Repository Manager, see the Dell
Repository Manager User’s Guide available at dell.com/support.
Protect authenticity and integrity
To ensure the integrity of the product, the installation and update components
for Dell Repository Manager are signed.
January 2023
Rev. A00