HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Network Configuration 20
Figure 2-2 Most Secure Configuration: Separate Management LAN Plus Firewall
2-3-2 Second-most Secure Configuration: Separate Management LAN
plus Firewalled Devices under Management
In this configuration, the server hosting the Device Manager server and all other management servers
may be single homed, and the actual devices under management are separated from Device
Manager by a firewall. The firewall’s rules restrict access to the arrays to the Device Manager server
and any other required management application. Management clients accessing Device Manager are
not allowed to pass traffic through the firewall to directly talk to the managed arrays, but can
participate in management operations directly with Device Manager or the management application.
This configuration is the second most secure, and is more flexible than the previous option. While this
configuration protects the devices under management, it does not protect the management
application servers themselves. Therefore all management application servers should be hardened to
the maximum possible extent.
Figure 2-3 illustrates a separate management LAN plus firewalled devices under management.