Announcing iDRAC Credential Management in OpenManage Enterprise 4.0
Wed, 01 Nov 2023 15:25:10 -0000
Summary
Dell OpenManage Enterprise is an infrastructure management console that offers a full lifecycle management solution for Dell PowerEdge Servers and provides many other features. Since its initial release, OpenManage Enterprise (or OME for short) has continued to add new features with every release. Among the list of new features, OME release 4.0 now supports optional iDRAC credential management. iDRAC credentials are required by OME for server management tasks. This new feature offers customers support for either internal OME iDRAC password rotation or iDRAC credential retrieval from CyberArk Central Credential Provider, an external third-party credential provider solution.
iDRAC password rotation
Overview
Many customers have a password rotation policy for iDRACs. OME 4.0 can now support this requirement by removing the need for administration accounts with static credentials on managed iDRACs. This feature is supported on iDRAC 7, 8, and 9. The internal password rotation feature in OME 4.0 can create and then update credentials on a scheduled basis for the managed iDRACs. The frequency of rotation can be set in the OME password management section and can range from daily to annual, as shown in the following figure.
Figure 1. OME iDRAC Password Management with Internal rotation selected
Enablement
After the OpenManage Enterprise version 4.0 virtual appliance has been installed and the basic configuration has been applied, an initial onboarding wizard runs the first time an administrator logs in to OME. As part of this wizard, the iDRAC password rotation feature is enabled by default. Note: This rotation feature can only be disabled/enabled during this initial onboarding.
After the feature is enabled, the process to implement a rotation policy starts with the standard OME device discovery job, using an existing administrator-level iDRAC account such as root / calvin. To enable support for password rotation, an OME Advanced or OME Advanced+ license is required to be present on each iDRAC. During the server onboarding task, as OME discovers the new servers, OME automatically creates a unique OME service account with OME-specific user account IDs and strong passwords on each iDRAC.
Figure 2. Initial OME onboarding wizard - One-time credential management enablement
After one or more servers are onboarded and the OME service accounts have been automatically created on each iDRAC, the credential type used for each server is displayed in OME on the All Devices page. Any server where password rotation is enabled is reported as credential type “Internal”. Servers for which rotation is not supported, for example where there is no OME Advanced license, are reported as “Discovery” (which means that OME will continue to use the credentials set at discovery). See Figure 3.
Figure 3. Credential type reporting
Using CyberArk for iDRAC credential retrieval
Overview
CyberArk is a third-party Identity and Access Management (IAM) security tool that offers comprehensive solutions to store and manage passwords across organizations. OME can be configured to interface with the CyberArk Central Credential Provider for managing iDRAC credentials.
Enabling CyberArk
To enable CyberArk, you must configure support details about the CyberArk vault on the iDRAC Password Management page in OME (Figure 4). An OME Advanced+ license is required to be present on each iDRAC.
Figure 4. CyberArk enablement
Servers with iDRAC CyberArk support enabled are reported as credential type “CyberArk” (Figure 5).
Figure 5. Credential type CyberArk reporting with drop down filter by type
Conclusion
With the new credential management features now available in OpenManage Enterprise release 4.0, Dell has added security features to OME that can support customers’ password rotation policies.