What’s New in Unity OE 5.3?
Fri, 05 May 2023 14:27:52 -0000
|Read Time: 0 minutes
Dell Unity OE version 5.3 is the latest software release for the Dell Unity platform. Because this release focuses on Serviceability and Security features and enhancements, this blog covers a high-level overview of its major features.
Here’s what to expect in this software release, followed by additional details about each category:
- Serviceability – Multiple serviceability enhancements and features that include Dynamic PUHC, Periodic ODFU, and our next-generation remote connectivity service called SupportAssist.
- Security – Multiple security enhancements and features including Remote Secure Credentials (RSC) for remote connectivity, vCenter Certificate Verification for SSL communication, and HTTP security headers for further protection against malicious attacks.
Serviceability
Dynamic Pre-Upgrade Health Checks
The Dell Unity system has always incorporated a Pre-Upgrade Health Check (PUHC) into its OE, which is used to detect problems on a system that would prevent a successful software or hardware upgrade. With Dell Unity OE version 5.3, a Pre-Upgrade Health Check file can now be remotely pushed and installed to a Dell Unity system through its SupportAssist connection.
This feature helps ensure that connected systems are always running the latest recommended health check version, to aid in identifying and resolving issues that would prevent a successful upgrade. Once a day, the Dell Unity systems will reach out and check for a newer version of a Pre-Upgrade Health Check through its SupportAssist connection.
Periodic Online Drive Firmware Update
Since Dell Unity OE version 5.0, the latest drive firmware has been bundled with the OE upgrade file. This allows for a single file to be uploaded to the system for upgrading both OE and drive firmware at the same time. With Dell Unity OE 5.3, the system now periodically checks for any drives running lower revision firmware than the last accepted one, and runs the Online Disk Firmware Upgrade (ODFU) package on the system. This process is called Periodic ODFU and is designed to address any drives that have been added or replaced in the system that may be running on out-of-date drive firmware.
The system runs the periodic ODFU once a week to check and upgrade any out-of-date drives that are installed on the Dell Unity system. If the periodic ODFU process identifies any offending disks, the system first runs a pre-upgrade health check to ensure that the system is healthy. It then runs the drive firmware upgrade. This process also only uses a drive firmware bundle that has been previously run on the system.
SupportAssist
Dell Unity’s existing remote support and connect home capability is called Secure Remote Services (SRS). SRS can be configured in two different topologies: Integrated mode and Centralized mode. With the release of Dell Unity OE version 5.3, SupportAssist is replacing SRS for physical Dell Unity systems. SupportAssist is Dell’s next generation of connect home software with the latest automated health and system monitoring capabilities.
SupportAssist still retains the two topologies:
- Centralized mode, now referred to as “Connect through a Gateway Server”
- Integrated mode, now referred to as “Connect Directly”
The requirement for a Gateway Server configuration with Dell Unity OE 5.3 is Secure Connect Gateway (SCG) version 5.12 or higher. Any user that currently is using a version of SCG below 5.12 or is still using ESRS gateway should upgrade or migrate to a minimum SCG version of 5.12 or later before upgrading to Dell Unity OE 5.3 release.
Table 1. Remote support changes for physical Dell Unity systems (OE version 5.3)
| Formerly: | Currently: |
| Secure Remote Services (SRS) | SupportAssist |
Topologies |
|
|
|
|
For each of the connect home methods, there are two additional options that can be enabled. The “Inbound connectivity for remote access” option allows authorized Dell Technologies service personnel to securely troubleshoot your system remotely. When not selected, only outbound communications and remote file transfer are allowed. The last option is the Remote Secure Credentials (RSC) option, which is described in the Security section of this blog.
Security
Remote Secure Credentials (RSC)
With the Dell Unity OE version 5.3 release, Dell Technologies has implemented Remote Secure Credentials (RSC) connectivity for remote access. The RSC option can be enabled through the Unisphere GUI under Settings > SupportAssist. The RSC option allows authorized Dell Technologies service personnel to authenticate with your system by using a unique one-time Dell-generated credential. This feature enables quicker responses and better security because there is no longer a need to provide Dell Technologies service personnel with access credentials for the system.
vCenter certificate verification
Starting with Dell Unity OE version 5.3, Dell Unity can now reach out to vCenter when establishing its initial connection and present the vCenter certificate to the end user for verification and acceptance. When the vCenter's certificate is accepted, Unisphere is then able to securely establish an SSL-authenticated session with the vCenter.
When a system is upgraded to OE 5.3, Unisphere sets the Health Status for existing vCenters to the Warning state, and requests that you review and accept the vCenter certificate. When the certificate has been accepted, the vCenter's connection is upgraded from a non-secure session to an SSL-secured session.
HTTP security headers
HTTP headers are designed to provide instructions to the end user’s web browser on how to behave when interacting with web services. These headers are implemented in each web page, including the Unisphere GUI. The HTTP implementation on current Dell Unity systems can trigger security scan tools to flag the Unisphere web services as vulnerable due to additional security headers not being set.
With the Dell Unity OE 5.3 release, we address these security concerns by implementing two new HTTP security headers for port 443:
- X-Content-Type-Options of type “nosniff”
- Content-Security-Policy set to “self”
These HTTP headers further harden Dell Unity's security posture by providing an additional layer of defense against cross-site scripting attacks and Media Type (MIME) sniffing attacks against the Dell Unity system from vulnerable browsers.
Conclusion
This blog has outlined just a few of the major features in the Dell Unity OE version 5.3 release. Check out the Resources section for additional information about its features!
Resources
Author: Stephen Granger, Senior Engineering Technologist