This page provides a list of recommended secure configuration checks for Dell EMC VMAX, and is periodically updated. VMAX is Dell EMC's flagship enterprise data storage system.
ID | System | Category | Configuration check |
K070100M0170 | Dell EMC VMAX | Access Control | Unisphere Session timeout |
K070100M0165 | Dell EMC VMAX | Access Control | Unauthorized user groups |
K070100M0160 | Dell EMC VMAX | Access Control | SYMAPI server session restrictions |
K070100M0155 | Dell EMC VMAX | Access Control | Security Administrator user |
K03010000150 | Dell EMC VMAX | Access Control | SE Host access list |
K030100M0145 | Dell EMC VMAX | Access Control | Remote support configuration |
K070100MP140 | Dell EMC VMAX | Access Control | Non-default local user accounts |
K070100MP135 | Dell EMC VMAX | Access Control | Non-default local administrative user accounts |
K020100M0130 | Dell EMC VMAX | Access Control | LUN masking |
K020100M0125 | Dell EMC VMAX | Access Control | FCID Lockdown |
K070100M0120 | Dell EMC VMAX | Access Control | ESRS Policy Manager 'Start Remote Terminal' setting |
K0701I0M0115 | Dell EMC VMAX | Access Control | EMC ECOM external connection limit per host |
K020100M0110 | Dell EMC VMAX | Access Control | Cloud IQ status |
K07010000105 | Dell EMC VMAX | Access Control | Approved SYMAPI/SYMCLI client hosts |
K070100MP100 | Dell EMC VMAX | Access Control | Approved Solutions Enabler (SE) management servers |
K070100M0335 | Dell EMC VMAX | Authentication | SYMAPI Access ID |
K070100M0330 | Dell EMC VMAX | Authentication | Maximum password age |
K0701000P325 | Dell EMC VMAX | Authentication | iSCSI CHAP authentication |
K070100M0320 | Dell EMC VMAX | Authentication | iSCSI - RADIUS configuration |
K07010000315 | Dell EMC VMAX | Authentication | Enhanced (Kerberos) user authentication |
K070100M0310 | Dell EMC VMAX | Authentication | EMC ECOM SSL server authentication |
K070100M0305 | Dell EMC VMAX | Authentication | EMC ECOM SSL client authentication |
K070100M0300 | Dell EMC VMAX | Authentication | EMC ECOM Non-CIMRequest authentication status |
K070100M0295 | Dell EMC VMAX | Authentication | EMC ECOM HTTP challenge mechanism |
K070100M0290 | Dell EMC VMAX | Authentication | EMC ECOM CST authentication cache refresh interval |
K070100M0285 | Dell EMC VMAX | Authentication | EMC ECOM CIMRequest authentication |
K070100M0280 | Dell EMC VMAX | Authentication | EMC ECOM certificate authentication status |
K070100M0275 | Dell EMC VMAX | Authentication | Default SNMP strings |
K07010000270 | Dell EMC VMAX | Authentication | Default passwords |
K070100M0265 | Dell EMC VMAX | Authentication | Default password (VASA/SE Virtual Appliance) |
K070100M0260 | Dell EMC VMAX | Authentication | Default password (Unisphere) |
K070100M0255 | Dell EMC VMAX | Authentication | Default password (ESRS Policy Manager Server) |
K070100M0250 | Dell EMC VMAX | Authentication | Default password (EMC VSI for VMware vSphere Web Client) |
K070100M0245 | Dell EMC VMAX | Authentication | Default password (EMC ViPR, ViPR reporting) |
K070100M0240 | Dell EMC VMAX | Authentication | Default password (EMC Solutions Integration Service) |
K070100M0235 | Dell EMC VMAX | Authentication | Default password (Dell EMC SRM) |
K070100M0230 | Dell EMC VMAX | Authentication | Cross-host authentication for client-server comm |
K070100M0225 | Dell EMC VMAX | Authentication | Central authentication |
K070100M0375 | Dell EMC VMAX | Authorization | SYMCLI file permissions |
K070100M0370 | Dell EMC VMAX | Authorization | SYMCLI directory permissions |
K070100M0365 | Dell EMC VMAX | Authorization | storsrvd directory access restriction |
K070100M0355 | Dell EMC VMAX | Authorization | Secure view of user authorization rules |
K070100M0360 | Dell EMC VMAX | Authorization | Secure view of user authorization rules |
K070100M0340 | Dell EMC VMAX | Authorization | Log event file permission |
K070100M0350 | Dell EMC VMAX | Authorization | Authorization control enforcement mode |
K070100M0345 | Dell EMC VMAX | Authorization | Authorization control disabled |
K060100M0395 | Dell EMC VMAX | Backup and Recovery | Snapshot retention |
K060100M0390 | Dell EMC VMAX | Backup and Recovery | Secure snaps |
K070100M0385 | Dell EMC VMAX | Backup and Recovery | Remote replication |
K070100M0380 | Dell EMC VMAX | Backup and Recovery | GNS DB backup |
K070100M0490 | Dell EMC VMAX | Configuration Management | Unisphere for VMAX version |
K070100M0485 | Dell EMC VMAX | Configuration Management | Target SYMAPI version |
K070100M0480 | Dell EMC VMAX | Configuration Management | Target array microcode version |
K070100M0475 | Dell EMC VMAX | Configuration Management | SYMAPI host configuration |
K0701I0M0450 | Dell EMC VMAX | Configuration Management | SSL certificate status |
K070100M0470 | Dell EMC VMAX | Configuration Management | SRDF Adapter for VMware Site Recovery Manager version |
K070100M0465 | Dell EMC VMAX | Configuration Management | Solutions Enabler version |
K070100M0460 | Dell EMC VMAX | Configuration Management | Mainframe Enablers version |
K070100M0455 | Dell EMC VMAX | Configuration Management | Key server |
K1101I0M0440 | Dell EMC VMAX | Configuration Management | Enginuity patch level |
K110100M0435 | Dell EMC VMAX | Configuration Management | eNAS version |
K070100MP430 | Dell EMC VMAX | Configuration Management | eNAS management interface |
K070100M0425 | Dell EMC VMAX | Configuration Management | EMC SRDF/Cluster Enabler Plug-in version |
K070100M0420 | Dell EMC VMAX | Configuration Management | Embedded Unisphere (eMGMT) |
K07010000415 | Dell EMC VMAX | Configuration Management | DNS configuration |
K070100M0410 | Dell EMC VMAX | Configuration Management | Dell EMC Unisphere 360 version |
K070100M0405 | Dell EMC VMAX | Configuration Management | Dell EMC AppSync version |
K0701I0M0445 | Dell EMC VMAX | Configuration Management | Certificate issuer |
K070100M0400 | Dell EMC VMAX | Configuration Management | Central Certificate Authority (CA) |
K0301I0M0565 | Dell EMC VMAX | Encryption | TLS level check |
K070100M0560 | Dell EMC VMAX | Encryption | SYMAPI SSL cipher suite strength |
K070100M0555 | Dell EMC VMAX | Encryption | SYMAPI encryption |
K070100M0550 | Dell EMC VMAX | Encryption | Secure management server communication |
K070100M0545 | Dell EMC VMAX | Encryption | SE client security level |
K070100MP540 | Dell EMC VMAX | Encryption | PowerPath Encryption |
K070100M0535 | Dell EMC VMAX | Encryption | NONSECURE/ANY connection |
K070100M0530 | Dell EMC VMAX | Encryption | LUN data-at-rest encryption |
K070100M0525 | Dell EMC VMAX | Encryption | iSCSI - Wire encryption (IPSec) |
K070100M0520 | Dell EMC VMAX | Encryption | http service status |
K07010000515 | Dell EMC VMAX | Encryption | EMC ECOM SSL/TLS protocol |
K020100M0510 | Dell EMC VMAX | Encryption | EMC ECOM SSL cipher suite |
K070100M0505 | Dell EMC VMAX | Encryption | EMC ECOM roles file encryption |
K070100M0500 | Dell EMC VMAX | Encryption | EMC ECOM encryption algorithm |
K07010000495 | Dell EMC VMAX | Encryption | Data encryption at-rest |
K0701I0M0580 | Dell EMC VMAX | Hardening | SYMAPI strict certificate client name validation |
K070100M0575 | Dell EMC VMAX | Hardening | SYMAPI FIPS mode |
K070100MP585 | Dell EMC VMAX | Hardening | Storsrvd daemon restriction |
K070100M0570 | Dell EMC VMAX | Hardening | EMC ECOM FIPS mode |
K0701000P220 | Dell EMC VMAX | Log | SE Local audit log retention |
K070100M0215 | Dell EMC VMAX | Log | SE host NTP server redundancy |
K070100M0210 | Dell EMC VMAX | Log | SE host NTP server configuration |
K070100M0205 | Dell EMC VMAX | Log | SE event / syslog configuration |
K070100M0200 | Dell EMC VMAX | Log | SE centralized log server |
K070100M0195 | Dell EMC VMAX | Log | SE Background Audit logging |
K070100M0190 | Dell EMC VMAX | Log | EMC ECOM security logging enabled |
K090100M0185 | Dell EMC VMAX | Log | EMC ECOM CST logging status |
K0901I0M0180 | Dell EMC VMAX | Log | Centralized log server redundancy |
K0701I0M0175 | Dell EMC VMAX | Log | Approved syslog servers |
K070100M0610 | Dell EMC VMAX | Monitoring | Unisphere SMTP server configuration |
K070100M0605 | Dell EMC VMAX | Monitoring | SNMP trap client configuration |
K070100M0600 | Dell EMC VMAX | Monitoring | SNMP services status |
K070100M0595 | Dell EMC VMAX | Monitoring | SNMP active clients |
K070100M0590 | Dell EMC VMAX | Monitoring | Email notification settings |
K070100M0620 | Dell EMC VMAX | Services and Protocols | Telnet service status |
K070100M0615 | Dell EMC VMAX | Services and Protocols | HTTP port disabled |
... and more. |
NOTE: Secure configuration checks should be performed also against additional components such as AppSync, Unisphere 360, Solutions Enabler and other related components.
Interested to learn about StorageGuard secure configuration checks for VMAX?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.