HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Network Configuration 21
Figure 2-3 Second-most Secure Configuration: Separate Management LAN plus Firewalled Devices
2-3-3 Third-most Secure Configuration: Dual-Homed Management
Servers plus Separate Management LAN
In this configuration, the management servers themselves act as the intersection point between the
management LAN and a production LAN. The server running Device Manager or management
applications is dual-homed. One NIC is attached to the management LAN along with the devices
under management, and the second NIC is attached to a production LAN along with the management
clients (e.g., the Device Manager GUI). Because the management application servers actually act as
the gateway between the production LAN and the management LAN, and there is no additional
firewall, you must be very sure that the server itself will not route traffic between the two networks.
This configuration is the third most secure, and is more flexible than either of the previously-described
configurations. While it protects the devices under management, it does not protect the management
application servers themselves. Therefore, all management application servers should be hardened to
the maximum possible extent. Additionally, because the management application servers themselves
act as gateways between the two LANs, OS hardening is more important.
Figure 2-4 illustrates dual-homed management servers plus a separate management LAN.