Dell SupportAssist: Security Considerations

Similar documents
Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Quick Start Guide

Dell SupportAssist Version For Dell OpenManage Essentials Quick Start Guide

Installing Dell OpenManage Essentials

Installing Dell OpenManage Essentials

Configuring Alert Actions in OpenManage Essentials

Managing and Monitoring a Virtualization Environment Using OpenManage Essentials

Dell IT Assistant Migration To OpenManage Essentials

Lifecycle Controller Platform Update in Dell PowerEdge 1 2 th Generation Servers

Dell SupportAssist Version 1.0 For Microsoft System Center Operations Manager User's Guide

Business Intelligence on Dell Quickstart Data Warehouse Appliance Using Toad Business Intelligence Suite

Dell SupportAssist Version 2.1 for Dell OpenManage Essentials User's Guide

Using Dell Repository Manager to Find Newer Updates from the Dell Online Repository

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials User's Guide

Understanding Discovery and Inventory of Dell Devices

Dell SupportAssist Version 1.2 for Servers User s Guide

Dell OpenManage Cluster Configurator on Dell PowerEdge VRTX

Dell OpenManage Essentials v2.0 Support for Dell Client Devices

Security in the Privileged Remote Access Appliance

Dell Server Migration Utility (SMU)

TSS-7/TSS-10 7" and 10.1" Room Scheduling Touch Screens

Wavecrest Certificate SHA-512

Crestron Mercury Tabletop UC Audio Conference Console for Microsoft Teams

Dell OpenManage Essentials v1.1 Supporting Dell Client Devices

Dell SupportAssist: Alert Policy

Dell EMC SupportAssist Enterprise Version 1.0 User's Guide

Service Manager. Database Configuration Guide

Dell SupportAssist Version 1.0 for Servers User s Guide

FAQ about Communication

Installing and Configuring vcenter Multi-Hypervisor Manager

Dell SupportAssist Version for Servers User s Guide

Installation Guide. Mobile Print for Business version 1.0. July 2014 Issue 1.0

Dell OpenManage Essentials Device Support

OpenManage TM Integration for VMware vcenter FAQ

Dell Management Console Best Practices

VMware Horizon View Deployment

SupportAssist Enterprise Version 2.0 Quick Setup Guide

Lifecycle Controller Part Replacement

Cloud Link Configuration Guide. March 2014

Intel Unite. Intel Unite Firewall Help Guide

Installing and Configuring vcloud Connector

Lifecycle Controller with Dell Repository Manager

Using Dell Repository Manager to Create a Deployment Media (Bootable ISO) to Perform Systems Updates

Enterprise Vault Requesting and Applying an SSL Certificate and later

Virtualization Support in Dell Management Console v1.0

SonicWALL VPN with Win2K using IKE Prepared by SonicWALL, Inc. 05/01/2001

NetScaler Analysis and Reporting. Goliath for NetScaler Installation Guide v4.0 For Deployment on VMware ESX/ESXi

WhatsConfigured v3.1 User Guide

OpenManage Integration for VMware vcenter Version 4.2. Web Client User's Guide

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Workspace ONE UEM Notification Service 2. VMware Workspace ONE UEM 1811

Best Practices for Configuring the Dell Compellent SMI-S Provider for Microsoft SCVMM 2012

INSTALLATION GUIDE. Assign an IP Address and Access the Video Stream

(Document Insight Evaluation Title) Quick Start Guide (Product Version 10.0

Deploying OpenManage Server Administrator using OpenManage Essentials

4 Enter an IP address and sub-net mask for the ftp server and. 5 Go to the [System and Maintenance] > [Administrative Tools]

Intel Small Business Extended Access. Deployment Guide

McAfee Network Security Platform 9.2

Ekran System High Availability Deployment Guide

SCCM Plug-in User Guide. Version 3.0

VMware AirWatch Content Gateway Guide for Windows

Installing Dell EMC OpenManage Essentials

VII. Corente Services SSL Client

VMware AirWatch Content Gateway Guide for Linux For Linux

NetBackup Collection Quick Start Guide

OpenManage Integration for VMware vcenter Using the vsphere Client Quick Install Guide Version 2.0

VMware AirWatch Content Gateway Guide for Windows

Dell PowerVault NX1950 configuration guide for VMware ESX Server software

Dell SupportAssist Version 1.2 For Dell OpenManage Essentials Support Matrix

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Dell SupportAssist Version 2.1 for Dell OpenManage Essentials Quick Setup Guide

VMware AirWatch Content Gateway Guide for Windows

Security in Bomgar Remote Support

Service Manager. Installation and Deployment Guide

Dell EMC OpenManage Mobile. Version User s Guide (Android)

Comodo Dome Data Protection Software Version 3.8

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Using Dell Repository Manager to Update Your Local Repository

VMware AirWatch Content Gateway Guide for Windows

Avaya Converged Platform 130 Series. idrac9 Best Practices

Syncplicity Panorama with Isilon Storage. Technote

OpenManage Integration for VMware vcenter for Desktop Client User's Guide Version 3.1

McAfee Firewall Enterprise epolicy Orchestrator Extension

FieldView. Management Suite

HYCU SCOM Management Pack for F5 BIG-IP

OpenManage Integration for VMware vcenter Version 4.3. Web Client User's Guide

Scheduled Automatic Search using Dell Repository Manager

Remote Asset Manager. Version 2.2. Administrator's Guide

RealPresence Access Director System Administrator s Guide

Dell SupportAssist Version 1.3 for Servers Release Notes

Aspera Connect Windows XP, 2003, Vista, 2008, 7. Document Version: 1

Lifecycle Controller Part Replacement

TS-1542/TS-1542-C 15.6 in. HD Touch Screens

Demos.Dell.com Guide: SupportAssist for Servers or with OpenManage Essentials

Client Proxy interface reference

McAfee Network Security Platform

VMware Content Gateway to Unified Access Gateway Migration Guide

OpenManage Integration for VMware vcenter Version Web Client Installation Guide

HYCU SCOM Management Pack for F5 BIG-IP

vstart 50 VMware vsphere Solution Specification

Transcription:

Dell SupportAssist: Security Considerations This Dell Technical FAQ document provides details on how SupportAssist maintains data security and privacy, and also defines the network configurations required for SupportAssist. Version 1.0 Dell Services Product Group

Contents Introduction... 3 What data does SupportAssist collect?... 3 Can the data be filtered before being transmitted back to Dell?... 3 How is my data transferred to Dell?... 4 What steps does Dell take to safeguard customer information?... 4 Who has access to the SupportAssist collected data at Dell?... 4 What are the network settings requirements?... 5 How to Identify SSL Connection Failure?... 6 How To Install Root Certificates?... 6 Tables Table 1. Settings For SupportAssist Server (Management Station)... 5 Table 2. Settings For Managed des and idrac... 5 This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. 2013 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. July 2013 Version 1.0 ii

Introduction Dell SupportAssist, integrated with the Dell OpenManage Essentials systems management console, is a capability that enables automated support from Dell by remotely identifying issues in your IT environment. Dell s robust and easy to use proactive support technology allows us to identify, diagnose, and resolve issues faster and more precisely with less of your involvement reducing downtime and letting you get back to business. SupportAssist is available to all Dell customers but only systems with ProSupport or ProSupport Plus will receive the automated support referenced in this document. Systems with Basic Service will send information back to Dell to speed troubleshooting on a reactive basis. This document provides details on how SupportAssist maintains data security and privacy and also defines the network configurations required to successfully enable SupportAssist functionality in your environment. What data does SupportAssist collect? SupportAssist collects data that is required for troubleshooting hardware issues and providing proactive support from our ProSupport engineers.. SupportAssist does not collect any user files stored on the system, any passwords or any information about application usage. SupportAssist collection includes following types of data: Hardware configuration installed device, processor, memory, network device and usage Event Data Windows event logs, core dump, and debug logs Software configuration for servers operating system and installed applications Network Identity information computer name, domain name, and IP address For more details on the data collection, see: Windows Data Collection Linux/ESX Data Collection SupportAssist also stores the contact information that is provided during SupportAssist registration or SupportAssist configuration screens which includes customer name, email address and phone numbers. Can the data be filtered before being transmitted back to Dell? User cannot manually filter the data before it is transmitted to Dell. However, user can choose not to send network identity information to Dell by going to settingspreferences page and uncheck the option for sending the network identity information and it will remove following information from the collection before it is sent to Dell. Host name IP address Subnet mask Default gateway MAC address DHCP server DNS server Processes Environment variables Registry 3

Logs iscsi data te : These changes may limit the ability of technical support to troubleshoot the issue. How is my data transferred to Dell? The data sent from your Dell systems to Dell is encrypted with 128 bit encryption and transferred securely using SSL protocol. The data is stored in compliance with the Dell Privacy Policy.and the Dell Data Security Policy What steps does Dell take to safeguard customer information? Dell hosts SupportAssist data including the application, systems, network and security components in a USbased data center designed to maintain high levels of availability and security. Dell protects your data by using a wide variety of measures, including Physical security Features include, but are not limited to: On-premise security guards Rigorous exterior building security, including cameras, false entrances, vehicle blockades, specialized parking lot design, bulletproof glass and walls, and the use of an unmarked building Interior pan/tilt/zoom security cameras with digital recorders Network security All monitoring components are located behind a firewall and are managed by a Dell network security team. We tightly control all network traffic, requiring all inbound traffic to be transmitted via specific ports and sent only to appropriate destination network addresses. Server and database security Servers and OS components reside on standard images that have undergone security review. We regularly review security updates used by the application, including those published by Microsoft and vendors of other software. When critical security updates are issued, we test them first on nonproduction images and generally apply them to live servers within 48 hours. Procedural security Dell groups who have access to Dell SupportAssist components (such as the database administration group and the operational support team) are assigned separate duties and access rights. All updates to the production environment go through a defined change control process that incorporates checks and balances. Auditing Dell retains proprietary monitoring hosting device logs, accessible only by Dell. These logs record all attempts to log into or access the OS or SupportAssist Web Server Console, as well as every write or escalation operation performed by an authenticated user on the Server Console. Who has access to the SupportAssist collected data at Dell? SupportAssist collected data is accessible by technical support agents who use it for troubleshooting hardware issues reported by SupportAssist. The data is also available to Technical Account Managers for their respective accounts for providing technical recommendation to ProSupport Plus and ProSupport Flex customers. The data is not shared for sales or promotional purposes. Dell takes information security and privacy seriously. Above described mechanisms makes sure that customer data collected by SupportAssist is secure and used only for support purposes. 4

What are the network settings requirements? SupportAssist uses SSL for secure communication between SupportAssist and Dell, so port 443 needs to be opened in the firewall for successful SSL communication. SupportAssist uses the following endpoints for data upload: api.dell.com ddldropbox.us.dell.com/upload.ashx The following tables provide more information about port settings for SupportAssist. Table 1. Settings For SupportAssist Server (Management Station) Number Protocol Type Maximum Encryption Level Direction Usage Configurable 162 SNMP UDP ne In Event reception through SNMP 143 Proprietary TCP ne In/Out If SQL server is remote 443 HTTPS TCP ne In/Out Communication with Dell Yes Table 2. Settings For Managed des and idrac Number Protocol Type Maximum Encryption Level Direction Usage Configurable 161 SNMP UDP ne In/Out SNMP query management 443 HTTPS TCP ne In/Out idrac and ESXi discovery and DSET collection If the management server connects to the Internet through a proxy server, you must configure the Proxy Settings in SupportAssist. To configure the proxy server settings, click Settings Proxy Settings, and follow the instructions on the screen. Verify that the SupportAssist client is able to communicate with the SupportAssist server hosted by Dell by performing the email connectivity test. For more information, see Email Connectivity Test in the SupportAssist User s Guide. If there is a SSL connection failure, you must install the required root certificates. To identify and resolve a SSL connection failure, see the following sections. 5

How to Identify SSL Connection Failure? SSL connection failure may occur if your system does not have the required certificate installed from the issuing root certificate authority, GTE CyberTrust Global Root. All Dell certificates are issued from this certificate authority. To verify if the certificate is installed in Internet Explorer: 1. Click Tools Internet Options The Internet Options dialog box is displayed. 2. Click the Content tab, and then click Certificates The Certificates dialog box is displayed 3. Click the Trusted Root Certification Authorities tab 4. Scroll to verify if GTE CyberTrust Global Root is listed in the Issued To and Issued By columns. If GTE CyberTrust Global Root is not listed, you must install the required certificates. To install the certificates, see next section on How To Install Root Certificates. How To Install Root Certificates? Before you begin, ensure the following: You must be logged in to the user account with which SupportAssist was installed You must have administrator privileges The SupportAssist service must be running To resolve SSL connection issues, you must install the following root certificates Dell_Inc_Enterprise_Issuing_CA1.cer Dell_Inc_Enterprise_CA.cer GTE_CyberTrust Global Root.cer These certificates should be installed in the Trusted Root Certification Authorities and Intermediate Certification Authorities folders of the current user and local computer: Here are instructions on how to install these certificates. 1. Click Start Run. The Run dialog box is displayed. 2. In the Open box, type mmc, and click OK. The Console 1 [Console Root] window is displayed. 3. Click File Add/Remove Snap-in. The Add or Remove Snap-ins dialog box is displayed. 4. Under Available snap-ins, select Certificates, and click Add >. The Certificates snap-in dialog box is displayed. 6

5. Ensure that My user account is selected, and then click Finish. 6. In the Add or Remove snap-ins dialog box, click Add >. The Certificates snap-in dialog box is displayed. 7. Select Computer account and click Next. The Select Computer dialog box is displayed. 8. Ensure that Local computer (the computer this console is running on) is selected, and click Finish. 9. In the Add or Remove snap-ins dialog box, click OK. 10. Under the Console Root, click Certificates Current User. 11. Right-click Trusted Root Certification Authority All Tasks Import. 12. Click Next. The File to Import dialog box is displayed. 13. Browse to select the location of the certificate files, select a certificate file and click Next. The Certificate Store information is displayed. 14. Click Next. 15. Click Finish. 16. Perform step 11 to step 15 until all three certificate files are imported. 17. Right-click Intermediate Certification Authorities All Tasks Import. 18. Perform step 12 to step 15 until all three certificate files are imported. 19. Under the Console Root, click Certificates Local Computer. 20. Right-click Trusted Root Certification Authority All Tasks Import. 21. Perform step 12 to step 15 until all three certificate files are imported. 22. Right-click Intermediate Certification Authorities All Tasks Import. 23. Perform step 12 to step 15 until all three certificate files are imported 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback