HP Adaptive Infrastructure Solution Security For HP BladeSystem Matrix

Contents
Abstract (page 2)
Introduction (page 2)
HP BladeSystem Matrix components
Abstract
The HP BladeSystem Matrix (Matrix) solution is a cloud infrastructure in a box that brings the economics, scalability, and response times of the cloud to diverse applications across your data center. It combines capacity planning, disaster recovery, and automated provisioning with a self-service portal in one command center, uniting your physical and virtual environments. Matrix provides the foundation for an Adaptive Infrastructure data center environment.
Figure 1: HP Logical Server technology

Server virtualization provides savings, ranging from the reduction of resources through consolidation to the more efficient use of the remaining resources. This technology can result in significant savings both in the amount of equipment required and in ongoing operating costs such as power, cooling, and administration personnel.
strategy involves using multiple security mechanisms throughout the entire solution stack. The BladeSystem Matrix solution incorporates logical servers at the infrastructure level, and this infrastructure is the foundation for a secure solution.
components comprise the BladeSystem Matrix solution, but several key components provide the substantive security model for the solution. HP Systems Insight Manager (HP SIM) software is the foundation component, providing the security model and security services to many other BladeSystem Matrix components. HP SIM is therefore the focal point for security coverage in many sections of this paper.
changes being visible to the external LAN and SAN environments. Virtual Connect provides a high degree of security for these sensitive operations, with sufficient granularity to distinguish the users who can manipulate storage, network, or server settings. In addition, Virtual Connect provides the fundamental components for the core of a secure computing environment, eliminating the error-prone physical process of rerouting cables and thus the security issues associated with it.
very nature also provides new ways to achieve greater degrees of security. The use of virtual servers in a computing environment introduces numerous security benefits that are either not available or entail significant cost and effort to achieve in a traditional environment. One obvious issue with the use of virtualization is the addition of code that performs new functionality, such as the hypervisor for server virtualization or additional firmware functionality for logical servers.
example, Virtual Connect Manager (VCM) prevents duplicate MAC addresses and WWNs on the network for servers in the same Virtual Connect Domain, and Virtual Connect Enterprise Manager (VCEM) prevents duplicate MAC addresses and WWNs for servers across multiple Virtual Connect Domains. Within a Virtual Connect Domain, each MAC address and WWN is restricted to a single server port at any one time.
you can plug these services into some hypervisors, providing individual traffic control and virus scanning even if the VM guests do not use these services themselves. Additionally, the snapshot capability of virtual machines can be used to restore a virtual machine to a known good state if it is attacked.
reliable. HP Insight Orchestration builds on the HP Insight Dynamics – VSE suite for ProLiant and includes workflow automation capabilities from HP Operations Orchestration. The Virtual Machine Manager (VMM), the HP Insight Dynamics – VSE suite for ProLiant, and HP Insight Orchestration software help you manage numerous virtualization technologies effectively through logical server provisioning and management.
Role and description
• Hardware administrator: Uses OA, iLO, and Virtual Connect login credentials to configure the hardware for host, networking, and storage components (networking and storage configuration within the BladeSystem c-Class enclosure).
• Host system or operating system administrator: Uses HP SIM, iLO, and SMH login credentials to manage a logical server, for example rebooting it through the iLO and managing the OS configuration directly through SMH or the remote console.
that this approach avoids the potential error of locking out all users (the case where LDAP is not configured correctly and local users are locked out). Similar functionality is also supported for iLO. To reduce the number of separate logins required as an administrator moves between tasks (for example, from HP SIM to the iLO or OA), HP SIM provides single sign-on.
Access control
Safety deposit boxes in a bank have multiple security mechanisms in place to protect them. After people are authenticated, usually by a picture ID, they are allowed to enter the bank vault. However, each safety deposit box is locked and requires that a person have a key to access the contents of a particular box. In some cases two keys are required, one held by the person seeking access and one supplied by the banking institution staff.
• The All Tools toolbox contains all tools installed in the CMS.
• The Monitor Tools toolbox contains tools that display the state of the managed systems but not tools that change that state. For example, the Monitor Tools toolbox permits viewing installed software but does not permit installing software. This toolbox is used by the operator role.
• The Full Rights toolbox contains the tools used to perform administrative tasks on the CMS.
serves as a proxy that mediates privileged operations performed on the managed systems. To perform administrative activities on a managed system, an administrative user first authenticates to HP SIM with valid credentials. When the user attempts to execute a command against a managed system, HP SIM checks its authorizations to ensure that the user is authorized to run the requested command on the specified system.
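The toolbox-based authorization check described above, as an added example that is not code from the page or from HP SIM. It models an authorization as a (user, toolbox, system) grant, following the toolbox descriptions on the page; the tool names, toolbox contents, user names and system names are constructed for the example, and the CMS records every decision so that a denied attempt is still visible for accountability.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Tools and whether they change managed-system state. Names are constructed for
# this example; the toolbox semantics follow the page: Monitor Tools holds only
# tools that do not change state, All Tools holds every installed tool.
TOOLS = {
    "view installed software": False,
    "view hardware status": False,
    "install software": True,
    "reboot server": True,
}
TOOLBOXES = {
    "All Tools": frozenset(TOOLS),
    "Monitor Tools": frozenset(t for t, changes_state in TOOLS.items() if not changes_state),
}


@dataclass(frozen=True)
class Authorization:
    """One grant: this user may use this toolbox on this system (assumed model)."""
    user: str
    toolbox: str
    system: str


class CentralManagementServer:
    """Stands in for the HP SIM CMS acting as the authorization proxy."""

    def __init__(self, authorizations):
        self.authorizations = set(authorizations)
        self.audit_log = []

    def is_authorized(self, user: str, tool: str, system: str) -> bool:
        # A user may run a tool on a system only if some grant gives that user
        # a toolbox containing the tool on exactly that system.
        return any(
            a.user == user and a.system == system and tool in TOOLBOXES[a.toolbox]
            for a in self.authorizations
        )

    def execute(self, user: str, tool: str, system: str) -> bool:
        if tool not in TOOLS:
            raise ValueError(f"unknown tool {tool!r}")
        allowed = self.is_authorized(user, tool, system)
        # Record who attempted what, on which system, and the outcome, whether
        # or not the request was allowed, so the log supports accountability.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "tool": tool, "system": system,
            "result": "allowed" if allowed else "denied",
        })
        return allowed


def demo() -> CentralManagementServer:
    cms = CentralManagementServer([
        Authorization("operator1", "Monitor Tools", "blade07"),
        Authorization("admin1", "All Tools", "blade07"),
    ])
    cms.execute("operator1", "view installed software", "blade07")  # allowed
    cms.execute("operator1", "install software", "blade07")         # denied: not in Monitor Tools
    cms.execute("operator1", "view installed software", "blade09")  # denied: no grant for blade09
    cms.execute("admin1", "install software", "blade07")            # allowed
    return cms


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

The check is deliberately a conjunction over the whole triple: holding a toolbox on one system gives no rights on another, and the Monitor Tools toolbox cannot be widened by an operator because its membership is derived from the tools' state-changing flag rather than listed by hand.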
demonstrate individual accountability. Therefore, the HP SIM audit log might be needed to provide sufficient information for individual accountability, or you might have to view both the HP SIM audit trail and the managed host audit trail to have a complete picture of the actions that have taken place.
To ensure a high degree of security, iLO re-evaluates a user's access privileges on every request to ensure validity. This means that the revocation or addition of access privileges is enforced on the next user request; the user does not need to log out and log back in for the changes to take effect. Virtual Connect defines the following administrative roles, with which zero or more users can be associated:
• Domain administrator—Performs domain specific activities (create/delete a user, update FW).
the appropriate operating system patches based on the results of security scans. VPM is especially useful in smaller IT environments where HP Server Automation has not been implemented. The VPM scanner probes its targets using multiple protocols (including SSH for Linux and DCOM for Windows) searching for operating system and selected application security vulnerabilities. The VPM patch agent can then apply patches for detected vulnerabilities.
Communication protection
This section discusses traditional access controls on communications as well as methods for protecting data in transit. The communications examined are not limited to traffic flowing over a local or wide area network (Ethernet traffic), but extend to communications that take place between and within components, for example between a management access point (iLO or OA) and a server blade, and within an HP BladeSystem c-Class enclosure.
Figure 5: BladeSystem Matrix secure communications

The SSH protocol, used to securely execute commands on remote systems, is used when a terminal window is opened to the HP SIM CMS, iLO, OA, or Virtual Connect. An SSH connection can also be established between the HP SIM CMS and the managed systems (for example, when using the HP SIM Distributed Task Facility or the mxexec command). In this case, SSH authenticates the remote system to the CMS and allows the remote system to authenticate the user.
Enclosure communication
This section describes the security mechanisms in place to protect communications between key management components within the BladeSystem enclosure. These components include the OA, iLO, the Virtual Connect modules, and the blade servers. Both iLO and Virtual Connect provide the capability to create a separate secondary management network in parallel to the primary production network that handles user data traffic.
from starvation of network bandwidth. From a security perspective, the data streams configured with Flex-10 are separated in hardware, eliminating the possibility of cross-channel snooping.

Network
In addition to the management communications and enclosure communications already covered, you can use numerous other aspects of networking security to reduce risk in your environment.
connect c-Class blade. In this case NPIV is used to give the virtual machine access to data on a storage array through the shared enclosure uplink. In addition, this approach allows a storage administrator to monitor and route storage access on a per virtual machine basis. A further use of NPIV is possible with BladeSystem Matrix. A storage administrator can pre-define a set of data LUNs within the SAN. Each data LUN is presented to one or more initiator WWNs.
CommandView EVA software maintains an audit log of user actions and events that change the state of the system. Events are written to the CommandView audit log and the Windows Application Event Log. The CommandView audit log is a flat file on the CommandView server, protected by Windows file access permissions.

Accountability and auditing
Safety deposit boxes in a bank are highly protected. Anyone can walk into a bank building.
Figure 6: HP SIM audit log records

Several features of the HP Systems Insight Manager audit log are configurable, enabling the customer to tailor the audited information to their environment. For example, you can specify which tools log data and the maximum audit log file size.
iLO, OA, VC, and EVA auditing
In addition to the HP SIM audit logs, several significant audit logs are associated with hardware devices in the BladeSystem Matrix environment. These include audit trails for the iLO, OA, and Virtual Connect, and the CommandView log for the EVA. The OA and iLO each maintain an event log containing date- and time-stamped records of the configuration, operational, and security events that occur in these devices. The logs can be examined through a browser interface.
servers, and therefore its integrity is a key design goal for HP engineers. Certificates and signed images are used to ensure the integrity of the iLO management processor. The iLO management processor firmware image is signed with a private key known only to HP. The iLO boot block uses the corresponding public key to verify the integrity of the firmware image. A successful check indicates that the firmware image is from HP and has not been tampered with; only after this check passes does the boot process proceed.
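The verify-before-boot flow described above, as an added example that is not HP's code and does not reproduce the iLO scheme. It uses a toy RSA signature over a SHA-256 digest, with key pairs built from Mersenne primes so that no prime generation is needed; the key sizes, the raw (unpadded) signature, the sample image bytes and the attacker's key are all constructed for illustration. The example shows the three outcomes a practitioner cares about: a genuine image boots, a tampered image or an image signed with the wrong key halts, and the public key in the boot block is the root of trust, so an attacker who could replace that key would get their own image to boot.

```python
import hashlib


def _keypair(p: int, q: int, e: int = 65537):
    """Toy RSA key pair from two primes (illustration only, not a real vendor key)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Mersenne primes 2^127-1, 2^521-1 (vendor) and 2^89-1, 2^607-1 (attacker).
HP_PUBLIC, HP_PRIVATE = _keypair((1 << 127) - 1, (1 << 521) - 1)      # private half "known only to HP"
ROGUE_PUBLIC, ROGUE_PRIVATE = _keypair((1 << 89) - 1, (1 << 607) - 1)  # an attacker's own key


def _image_digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(image: bytes, private_key) -> bytes:
    """Vendor side: sign the digest of the firmware image with the private key."""
    n, d = private_key
    sig = pow(_image_digest(image), d, n)
    return sig.to_bytes((n.bit_length() + 7) // 8, "big")


def verify_image(image: bytes, signature: bytes, public_key) -> bool:
    """Boot-block side: accept only if the signature opens to the image digest."""
    n, e = public_key
    sig = int.from_bytes(signature, "big")
    if not 0 < sig < n:          # reject out-of-range values before any arithmetic
        return False
    return pow(sig, e, n) == _image_digest(image)


def boot_block(image: bytes, signature: bytes, trusted_key=HP_PUBLIC) -> str:
    """The boot block carries only the public key; it either boots or halts."""
    if verify_image(image, signature, trusted_key):
        return "boot"
    return "halt: firmware image failed signature verification"


# Constructed sample "firmware image"; any bytes would do.
FIRMWARE = b"iLO firmware image (constructed sample) " * 32


def demo() -> dict:
    genuine_sig = sign_image(FIRMWARE, HP_PRIVATE)
    tampered = FIRMWARE[:100] + b"X" + FIRMWARE[101:]   # one byte changed
    rogue_sig = sign_image(FIRMWARE, ROGUE_PRIVATE)      # unmodified image, wrong signer
    return {
        "genuine": boot_block(FIRMWARE, genuine_sig),
        "tampered image": boot_block(tampered, genuine_sig),
        "rogue signature": boot_block(FIRMWARE, rogue_sig),
        # If the attacker could swap the key inside the boot block, the check
        # would pass: the embedded public key is the root of trust.
        "rogue key trusted": boot_block(FIRMWARE, rogue_sig, ROGUE_PUBLIC),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Note that the signature covers the digest of the whole image, so the check cannot be bypassed by appending data or altering an unsigned region; and because the boot block holds only the public half, compromising a running iLO does not yield the ability to sign a new image.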
modify their own copy, but only if they are authorized to create planning scenarios for the systems in the original scenario.

Virtual environment security policy and practice recommendations
Most security policies and practices used in a traditional environment are applicable in a virtualized environment. However, in a virtualized environment these policies might require modifications and additions. The following security practices are recommended by HP in a virtualized environment.
• Many components that use certificates are delivered with certificates signed by the provider (for instance, the HP SIM and SMH components). To achieve a higher level of security for these components, populate them with trusted certificates at deployment time.
• Implement directory services. Directory services enable a consistent authentication and authorization process throughout the environment. You can also use directories for role-based access control.
• HP recommends that you do not use local accounts.
Summary
Using logical servers provides numerous benefits that let you better utilize computing resources and dynamically move resources to where they are needed. The BladeSystem Matrix solution provides a consistent interface to manage abstract servers, regardless of the underlying mechanism used (Virtual Connect, hypervisors, or vPars). Like many new technologies, virtualization introduces new threats.
For more information
Source and hyperlink:
• Managing the HP BladeSystem c-Class: http://www.hp.com/servers/technology
• HP Insight Integrated Lights-Out security: HP Integrated Lights-Out Security technology brief, 6th edition
• HP Virtual Connect: HP Virtual Connect for c-Class BladeSystem User Guide
• http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00212796/c00212796.pdf
• http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00865618/c00865618.