Highlighted
Zachary089
Copper

How to encrypt WS-MAN traffic

Not for sure if this has already been discussed, my apologies if so.

I work in a DOD environment where my OME server needs to be STIG'd. Part of the STIG's will not allowing unencrypted WinRM traffic. I have been trying to research a way to configure iDRAC to encrypt the ws-man traffic during inventory and discovery, as well as out-of-band updating. Just not for sure how to properly set this up. Any help is appreciated!

Thanks,

Zac

0 Kudos
2 Replies

RE: How to encrypt WS-MAN traffic

Hi Zac,

From OME point of view, encrypted traffic is allowed. You need to ensure following winrm configuration is met:

>winrm get winrm/config/client

Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
Auth
     Basic = true
     Digest = true
     Kerberos = true
     Negotiate = true
     Certificate = true
     CredSSP = false
DefaultPorts
     HTTP = 5985
     HTTPS = 5986
TrustedHosts

To enable from iDRAC side, I would request you to cross-post this query on general forum below:

en.community.dell.com/.../4469

Thanks,

Shivendra

0 Kudos
Zachary089
Copper

RE: How to encrypt WS-MAN traffic

Thanks for the quick response! I will head over to the other forum to discuss the encrypted traffic from iDRAC.

Thanks!

0 Kudos