Dell OpenManage Enterprise Integration for Microsoft System Center Operations Manager User Guide
- June 13, 2024
- Dell
Table of Contents
Dell OpenManage Enterprise Integration
for Microsoft System Center Operations
Manager version 1.0
Security Configuration Guide
January 2023
Rev. A00
OpenManage Enterprise Integration for Microsoft System Center Operations
Manager
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better
use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss
of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal
injury, or death.
© 2023 – Dell Inc. or its subsidiaries. All rights reserved. Dell
Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
PREFACE
As part of an effort to improve its product lines, Dell periodically releases
revisions of its software and hardware. Some functions that are described in
this document might not be supported by all versions of the software or
hardware currently in use. The product release notes provide the most up-to-
date information about product features.
Contact your Dell technical support professional if a product does not
function properly or does not function as described in this document. This
document was accurate at publication time. To ensure that you are using the
latest version of this document, go to
dell.com/support. This section contains the
following topics:
Purpose
This document includes information about security features and capabilities of
Dell OpenManage Enterprise Integration for Microsoft System Center Operations
Manager.
Audience
This document includes information about security features and capabilities of
Dell OpenManage Enterprise Integration for Microsoft System Center Operations
Manager.
Revision History
Table 1. Document revision history
| Revision | Date | Description |
|---|---|---|
| A00 | January 2023 | Initial release of the Dell OpenManage Enterprise |
Integration for Microsoft System Center Operations Manager version 1.0
Related documentation
The complete documentation set for Dell OpenManage Enterprise Integration for
Microsoft System Center Operations Manager is available at
dell.com/support. Click Browse all products, and
then click Software & Solutions > Software > Enterprise Systems Management.
Click OpenManage Enterprise Integration for Microsoft System Center Operations
Manager to access the following documents:
- Dell OpenManage Enterprise Integration for Microsoft System Center Operations Manager version 1.0 User’s Guide.
- Dell OpenManage Enterprise Integration for Microsoft System Center Operations Manager version 1.0 Release Notes.
To see information related to OpenManage Enterprise Security configuration,
see Security Configuration Guide at
dell.com/support.
You can find the technical artifacts including white papers at
dell.com/support.
Terms used in this document
Table 2. Terms used in this document
| Terminology | Description |
|---|---|
| SCOMP | System Center Operation Manager Plugin |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| NFS | Network File System |
| CIFS | Common Internet File System |
| iDRAC | Integrated Dell Remote Access Controller |
| SNMP | Simple Network Management Protocol |
| VM | Virtual Machine |
Deployment models
About this task
Dell OpenManage Enterprise Integration for Microsoft System Center Operations
Manager uses Dell OpenManage Enterprise deployment models. For more
information about the OpenManage Enterprise deployment models, see
dell.com/support/openmanage_enterprise.
To install the Operations Manager plugin within OpenManage Enterprise, do the
following:
Steps
- Launch Dell OpenManage Enterprise.
- From the Application Settings menu, select Consoles and Plugins. The Consoles and Plugins page is displayed.
- On the Consoles and Plugins page, in the Operations Manager section, click Install.
NOTE: For more information, see Dell OpenManage Enterprise Integration for Microsoft System Center Operations Manager version 1.0 User’s Guide.
Topics:
- Security profiles
Security profiles
Dell OpenManage Enterprise Integration for Microsoft System Center Operations
Manager has a default security profile for secure HTTP access. It is highly
recommended to replace the Certificate Authority (CA) signed certificates for
stronger security environments.
Product and subsystem security
Topics:
- Security controls map
- Authentication
- Login security settings
- Authentication types and setup considerations
- User and credential management
Security controls map
Dell OpenManage Enterprise for Microsoft System Center Operations Manager
(Operations Manager) is a plug-in to OpenManage Enterprise (OME) console that
enables the monitoring of the Dell hardware assets discovered in OpenManage
Enterprise appliance using System Center Operations Manager (SCOM). The
Operations Manager plug-in supports the monitoring of the device inventory,
health, and alerts for the hardware including Dell Servers, Modular Systems,
and Network Switches.
Integrate the OpenManage Enterprise appliance with the SCOM console to manage
the Dell devices in data center.
The following figure displays the Operations Manager plugin security controls
map:
Figure 1. Security
Controls Map
Authentication
Default user accounts
Dell OpenManage Enterprise user accounts are used for accessing Operations
Manager plugin.
For more information on Default user accounts of OpenManage Enterprise, see
dell.com/support/home/en-us/product-support/product/dell-
penmanageenterprise/docs.
External user accounts
The Microsoft System Center users can access the Operations Manager plugin
user interface from Microsoft System Center Operation Manager (SCOM) console
when the users have appropriate roles and privileges on the MS System Center
Operation Manager.
For more information, see Dell OpenManage Enterprise Integration for Microsoft
System Center Operations Manager User’s guide.
Login security settings
The following use cases are supported in the Operations Manager Plugin 1.0.
The table below describes a consolidated view of which user has the permission
to execute the use case. To implement the following matrix the Plugin will
validate the user against the role. Here is the Role Id and definition defined
by OpenManage Enterprise, plugin refers the same.
Table 3. Role IDs and details per OpenManage Enterprise
Role ID defined by OpenManage Enterprise| Details per OpenManage
Enterprise
---|---
10| Privileges to do all operations
15| Limited to fabric configuration
16| Read-only privileges across the system
Authentication types and setup considerations
The OpenManage Enterprise Integration for Microsoft System Center Operations
Manager depends on SCOM console authentication to access plugin pages and
RESTful APIs. The plugin pages and RESTful APIs dealing with SCOM console
require the privileges that are created by Dell on SCOM during registration.
Register new Console or Management Group
Prerequisites
- The AD user has admin privileges over SCOM.
- The AD user is imported with Administrative Role in OpenManage Enterprise.
- The AD user has logged into OpenManage Enterprise, at least once.
- The OpenManage Enterprise Advanced + license to monitor Dell Servers.
About this task
To register the new SCOM console:
Steps
-
Install SCOM as per Microsoft recommendation and their requirements microsoft.com/scom/system-requirements.
-
Install and set up OpenManage Enterprise. For more information, see Install OpenManage Enterprise section in OpenManage Enterprise User’s Guide.
-
Discover Dell devices through OpenManage Enterprise – especially those devices which cannot be natively discovered in SCOM:
a. Dell Servers
The monitoring of the Dell Servers are supported with OpenManage Enterprise Advanced + license.
b. Modular Systems
c. Network Switches -
Log in to OpenManage Enterprise and go to Application Settings > Console and Plugins and check for Operations Manager Plugin, and then Install.
-
After installing, go to Plugins > Operations Manager > Console Management and perform the Add Console workflow to add this SCOM Console into OpenManage Enterprise. Provide the following details at the time of enrollment:
a. Console Name (user defined name to identify this SCOM Management Group).
b. SCOM MS FQDN (Fully qualified domain name of any of the Management Server, under the Management Group you want to Add).
c. Username (SCOM Administrator account credential username, also part of the Active Directory Group added as Administrator in OME).
d. Password associated with the username.
e. Test Connection – validates if the Management Server is available, or if using the mentioned credentials OpenManage Enterprise can connect or not, or if PowerShell is enabled or not. When any of mentioned pre-requisite is not met, the exact cause will be pushed to the user.
NOTE: For successful Test connection, if Firewall is enabled, go to Control Panel > System and Security > Windows Defender Firewall > Advanced settings > Inbound Rules > File and Printer Sharing (Echo Request – ICMPv4-In). Right click File and Printer Sharing (Echo Request – ICMPv4-In), and click Enable File.
f. Post successful Test Connection, the Add button gets enabled.
g. Click Add. -
While Adding the mentioned SCOM Management group, following data will be collected and stored in the Plugin database schema:
a. Get the installed Product Details like, SCOM Product name and version.
b. Get complete metadata of the Management Group, all the Management Servers, along with individual health status
c. Validate if the Management Pack is installed over the group. If the Management Pack is not installed the job will cancel, and user will be notified to run the installer to add the required Management Packs.
d. Set a primary Management Server that is used to establish communication between OpenManage Enterprise and the Management Group. -
After all the details are provided, the console is added and shows up in the Console.
Results
An onboarding Job gets initiated that synchronize the device data from
OpenManage Enterprise to SCOM console. This will be an incremental
Synchronization, which means synchronizing the devices first, followed by
their health and alert.
User privileges
To use Operations Manager plugin, user must be a member of the Active
Directory groups and have the following Account privileges in the Microsoft
System Center Consoles. Active Directory (AD) user that is used to add the
SCOM console must be imported as an administrator in OpenManage Enterprise.
The user can be classified as following:
- Default User/Administrator—The default ‘admin’ user that gets configured when OpenManage Enterprise is deployed. For more information, see latest OpenManage Enterprise User’s guide at dell.com/support/home/openmanage_enterprise.
- Local user—A local user is a new user created by OpenManage Enterprise, with use type Local. A local OpenManage Enterprise user is mainly of 3 types of roles – Admin, Device Manager, Viewer. The permission varies for these varieties.
- Imported AD UserA user that is imported with Administrator Role, from an Active Directory that is part of OpenManage Enterprise Directory Service, as well as is a SCOM Administrator.
Table 4. User accounts with required privileges
PRIVILEGES| ADMINISTRATOR| DEVICE MANAGER| VIEWER|
Imported AD User (Admln)
---|---|---|---|---
View Plugin Availability| Yes| No| No| Yes
Download & Install Plugin| Yes| No| No| Yes
Uninstall| Yes| No| No| Yes
Enable or Disable Plugin| Yes| No| No| Yes
Upgrade Plugin| Yes| No| No| Yes
Add SCOM Console| No| No| No| Yes
Edit SCOM Console| No| No| No| Yes
Remove SCOM Console| No| No| No| Yes
Management Group Heartbeat| No| No| No| Yes
View Overview| Yes| Yes| Yes| Yes
View Console Management| Yes| Yes| Yes| Yes
View Monitored Devices| Yes| Yes| Yes| Yes
View Settings| Yes| Yes| Yes| Yes
Monitoring Cycle| Yes| No| No| Yes
Perform Synchronization| Yes| No| No| Yes
Downloads| Yes| Yes| Yes| Yes
User and credential management
Preloaded accounts
OpenManage Enterprise Integration for Microsoft System Center Operations
Manager uses the accounts provided by OpenManage Enterprise. For more
information on the preloaded account in OpenManage Enterprise, see
dell.com/support/home/en-us/product-support/product/dell-openmanage-
enterprise/docs.
Default credentials
Operations Manager uses the OpenManage Enterprise console’s default
credentials. See OpenManage Enterprise Security Configuration Guide at
dell.com/support/home/en-us/product-support/product/dell-openmanage-
enterprise/docs.
Authorization
After you log in to the OpenManage Enterprise console, the user can configure
features such as:
SCOM plugin supports an imported AD User Account with the following:
- Add Console
- Remove Console
- Edit Console
- Download Management Packs
- Change Monitoring Settings
Data security
The data that is maintained by OpenManage Enterprise Integration for Microsoft
System Center Operations Manager is stored and secured in internal databases
within the appliance and it cannot be accessed from outside. The data that is
in transit through Operations Manager is secured by a secure communication
channel.
NOTE: It is recommended that RESTful API users store credentials and data
retrieved securely as per your environment restrictions.
Cryptography
Sensitive data is encrypted and stored in an internal database. For more information, see the Security features in OpenManage Enterprise section in dell.com/support/home/en-us/product-support/product/dell-openmanage- enterprise/docs.
References
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>