Dell 2.3 manual Security Roles and Permissions, Data Integrity

Page 11

2

OpenManage Integration for VMware vCenter Configuration

The following sections provide step-by-step instructions for the OpenManage Integration for VMware vCenter initial configuration. Upgrade, uninstallation, and security role information are also covered in the following sections.

Security Roles and Permissions

The OpenManage Integration for VMware vCenter stores user credentials in an encrypted format. It does not provide any passwords to client applications to avoid any improper requests that could lead to issues. The Backup Database are fully encrypted using custom security phrases, and therefore the data cannot be misused.

By default, users in the Administrators group have all the privileges. Administrators can use all the functions of the OpenManage Integration for VMware vCenter within VMware vSphere Client or Web Client. If you want a nonadmin user to manage the product, then create a role including both the Dell roles and then assign permission on the root/top node in the inventory and propagate permissions, as needed, on the child nodes to which you want to give access to the user. For example, if you want a user to manage only Cluster A, then keep the permissions on Cluster A and remove permissions from other clusters.

Data Integrity

Communication between the OpenManage Integration for VMware vCenter virtual appliance, Administration Console, and vCenter is accomplished using SSL/HTTPS. The OpenManage Integration for VMware vCenter generates an SSL certificate used for trusted communication between vCenter and the appliance. It also verifies and trusts the vCenter server's certificate before communication and the OpenManage Integration for VMware vCenter registration. The OpenManage Integration for VMware vCenter Console tab (in VMware vCenter) uses security procedures to avoid improper requests while the keys are transferred back and forth from the Administration Console and back-end services. This type of security causes cross-site request forgeries to fail.

A secure Administration Console session has a five-minute idle timeout, and the session is only valid in the current browser window and/or tab. If the user tries to open the session in a new window or tab, a security error is created that asks for a valid session. This action also prevents the user from clicking any malicious URL that could try to attack the Administration Console session.

Figure 1. Error Message

11

Image 11
Contents Page Page Contents Hardware Management End-To-End Hardware ManagementViewing Or Editing Hypervisor Profiles Console AdministrationConfiguring Network Settings Troubleshooting101 104 Dell platforms Key FeaturesOpenManage Integration for VMware vCenter InventoryOpenManage Integration for VMware vCenter Features Data Integrity Security Roles and PermissionsDell.Inventory Access Control Authentication, Authorization, And RolesDell Operation Role Dell Infrastructure Deployment RoleDell.Deploy Understanding PrivilegesPage Page Configuration Tasks Using the Configuration Wizard Creating a New Connection Profile Wizard Configuration Wizard WelcomeOpenManage Integration for VMware vCenter Home Configuring Events And Alarms Wizard Enter the Proxy Port number Setting Up a Proxy Server WizardScheduling Inventory Jobs Wizard Configuring the Deployment Credentials Wizard Running a Warranty Retrieval Job WizardEnabling The Omsa Link Wizard Setting The Default Firmware Update Repository WizardGeneral Settings Overview Configuring NFS SharesSettings Overview Creating a New Connection Profile Enabling The Omsa Link Outside the Configuration WizardEnable or Disable Server Warranty Expiration Notification To create a new connection profile Configuring Events And Alarms Setting Up a Proxy Server About Proxy ConfigurationRunning Inventory Jobs Running a Warranty Retrieval JobUsing The Http Proxy For Retrieving Web Based Data Dell Management Center, select Settings → Warranty ScheduleClick Begin Test Setting Up The Firmware RepositoryViewing or Editing Deployment Credentials Dell Online Shared Network FolderAdding Deployable Servers To a White List Server Security Settings For DeploymentEnabling a Deployable Server White List Related Information About Host, Bare Metal, and iDRAC Compliance IssuesRunning The Fix Non-Compliant vSphere Hosts Wizard Deleting Deployable Servers From a White ListRunning The Fix Non-Compliant Bare Metal Server Wizard Re-checking Bare Metal Server Compliance Downloading An ISO For Manual Firmware UpdatesIDRAC License Compliance Upgrading From a Trial Version To a Full Product Version Upgrading OpenManage Integration for VMware vCenterAbout OpenManage Integration for VMware vCenter Licensing Event Description Understanding Events And AlarmsConfigure Snmp Omsa trap destinations, if needed Monitoring the Datacenter And Host SystemDeploying the Omsa Agent onto an ESX System Understanding Omsa For 11th Generation Dell PowerEdge HostsClick Apply Changes Deploying The Omsa Agent Onto An ESXi SystemHost Information VSphere Client Host OverviewViewing Events Management Consoles Dell Online ServicesHost Actions Modifying An Inventory Job Schedule Resetting iDRACUnder Host Actions, select iDRAC Reset About Inventory ScheduleDisplaying The Inventory For a Single Host System in vCenter To update the Details of Last Inventory Job, click RefreshInventory And Licensing Viewing Storage Inventory Viewing Host Power MonitoringManaging Connection Profiles Viewing Or Editing An Existing Connection Profile Deleting a Connection Profile Testing a Connection ProfileDisplaying Logs in Dell Management Center Understanding System Event Logs In vSphere Client Host ViewRefreshing a Connection Profile Shared Network About Firmware UpdatesDisplaying The Event Logs For An Individual Host Dell ftp.dell.comFirmware Versions Older than July 29 Running The Firmware Update WizardSelect Update from repository Firmware Versions After October 14Updating Older Firmware Versions Enter maintenance mode, apply updates, and restartApply updates on next reboot Click Update Firmware Viewing Firmware Update Status for Clusters and Datacenters Advanced Host Management Using vCenterServer Based Management Tools Setting Up Physical Server Front Indicator LightWarranty Retrieval Under Host Actions, select Blink Indicator LightViewing Server Warranty Information For a Single Host Prerequisites Hardware ManagementServer States Within The Deployment Sequence Provisioning OverviewUnderstanding Deployment Job Times Downloading Custom Dell ISO Images Understanding How To Configure a Hardware ProfileCreating a New Hardware Profile ConfigurationPage Remotely Cloning a Hardware ProfileEnabling Csior On a Reference Server LocallyRenaming a Hardware Profile About Managing Hardware ProfilesViewing Or Editing a Hardware Profile Duplicating a Hardware ProfileCreating a New Hypervisor Profile Refreshing An Updated Hardware ProfileVlan Support Managing Hypervisor ProfilesDuplicating a Hypervisor Profiles Viewing Or Editing Hypervisor ProfilesRefreshing Hypervisor Profiles Building a New Deployment TemplateRenaming Hypervisor Profile Deleting a Hypervisor ProfileRenaming a Deployment Template Running The Deployment WizardDuplicating Deployment Templates Deleting a Deployment TemplateDeployment Wizard Deployment Templates Deployment Wizard Global SettingsDeployment Wizard Select Servers Deployment Wizard Server Identification Click Schedule servers for deployment Deployment Wizard Connection ProfileDeployment Wizard Scheduling Jobs Understanding Job QueueOn the Select Server tab, click Add Server Managing Deployment Jobs Using The Deployment Job QueueAdding a Server Manually Click Remove Selected Servers Removing a Bare Metal ServerOn the Select Servers tab, click Remove Servers Registering a vCenter Server Web-based Administration ConsoleManaging vCenter Server Connections VCenter sSupport OpenManage Integration for VMware vCenter RequirementsClick Register Versions of ESXi that should be supported on hosts managedUpdating The SSL Certificates For Registered vCenter Servers Modifying The vCenter Administrator LoginUpdating a Repository Location And Virtual Appliance Virtual Appliance ManagementRestarting The Virtual Appliance Updating the Virtual Appliance Software Version Downloading the Troubleshooting BundleSetting Up The Http Proxy Setting Up the NTP ServersUploading an Https Certificate Restoring the Default Https CertificateClick Restore Default Certificate for Https Certificates Generating a Certificate Signing RequestConfiguring Backup And Restore Setting up Global AlertsManaging Backup And Restore Click Backup Now Scheduling Automatic BackupsPerforming An Immediate Backup Restoring The Database From a BackupUnderstanding the vSphere Client Console Configuring Network SettingsChanging The Virtual Appliance Password Enter the Current Admin Password and press EnterRefreshing the Console View Setting The Local Time ZoneRebooting Virtual Appliance Resetting The Virtual Appliance To Factory SettingsMigration Path to migrate from 1.6/1.7 to Power on the OpenManage Integration version 2.3 applianceFrequently Asked Questions FAQ TroubleshootingVersion Affected All Firmware link communication error FTP TCP Rmcp UDP/TCP Select Temperatures under Main System Chassis Select the Enable Platform Event Filter Alerts check boxWhen I tried to use lockdown mode, it failed Go to https//vcenterserverIPAddress/mob Set UserVars.CIMoemProviderEnabled toHow Do I Force Removal of the Virtual Appliance? My vCenter Registration Failed. What Can I Do? My Firmware Update Failed. What Do I Do?Auto-Discovery and Handshake Prerequisites Bare Metal Deployment IssuesHardware Configuration Failure Enabling Auto-Discovery On a Newly Purchased SystemContacting Dell Event Name Description Severity Virtualization-related Events For Dell PowerEdge ServersNo action Dell Memory Device Dell Processor sensor Error Threshold value Independent error condition Dell Storage Controller Dell Storage Array disk Array disk warning Dell Watchdog Power Watchdog Power cycle Error Module information Information Dell Integrated Dual SD Auto-Discovery Prerequisites Understanding Auto-DiscoveryYou must have the iDRAC and host IP addresses Log in to the Integrated Dell Remote Access Controller GUIEnter the iDRAC IP address into a browser You must have the iDRAC and host IP addresses