How to encrypt WS-MAN traffic - Dell OpenManage Essentials - Systems Management - Dell Community
Systems Management Forums

How to encrypt WS-MAN traffic

Systems Management

Systems Management
Dell Systems Management Solutions: Dell OpenManage, iDRAC, Repository Manager, Microsoft SCCM, Chassis Managment Controller, and more

How to encrypt WS-MAN traffic

  • Not for sure if this has already been discussed, my apologies if so.

    I work in a DOD environment where my OME server needs to be STIG'd. Part of the STIG's will not allowing unencrypted WinRM traffic. I have been trying to research a way to configure iDRAC to encrypt the ws-man traffic during inventory and discovery, as well as out-of-band updating. Just not for sure how to properly set this up. Any help is appreciated!

    Thanks,

    Zac

  • Hi Zac,

    From OME point of view, encrypted traffic is allowed. You need to ensure following winrm configuration is met:

    >winrm get winrm/config/client

    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
    Auth
         Basic = true
         Digest = true
         Kerberos = true
         Negotiate = true
         Certificate = true
         CredSSP = false
    DefaultPorts
         HTTP = 5985
         HTTPS = 5986
    TrustedHosts

    To enable from iDRAC side, I would request you to cross-post this query on general forum below:

    en.community.dell.com/.../4469

    Thanks,

    Shivendra

  • Thanks for the quick response! I will head over to the other forum to discuss the encrypted traffic from iDRAC.

    Thanks!