HP Adaptive Infrastructure Solution Security for BladeSystem Matrix
reliable. HP Insight Orchestration builds on HP Insight Dynamics – VSE suite for ProLiant and includes
workflow automation capabilities from HP Operations Orchestration.
The Virtual Machine Manager (VMM), HP Insight Dynamics – VSE suite for ProLiant, and HP
Insight Orchestration software help you effectively manage numerous virtualization technologies
through the use of logical server provisioning and management. It is imperative that the management
and movement of these logical servers have adequate security protections. Logical server security can
be divided into two aspects: the security of the underlying virtualization technology (such as a
hypervisor) and the security associated with the management of the logical server. As described
earlier in this paper, the BladeSystem Matrix solution interacts with many hypervisors to enable
logical server management of the hypervisors. For information on the security of these specific
hypervisors, see the security documentation for the specific hypervisor that you plan to
deploy. Pointers to relevant information can be found at the end of this document in the “For more
information” section. The remainder of this paper describes the security provided by the BladeSystem
Matrix solution for a logical server environment. This includes mechanisms to:
• Ensure the confidentiality and integrity of logical server management communications.
• Log, in the HP SIM and other audit log files, all actions that manipulate server instances.
• Provide separation of duties and role based access control for the management of the logical server
environment.
Identification and authentication
The first step in protecting a business is to ensure that only authorized individuals have access. In the
computing environment this is usually controlled with a login and password.
The BladeSystem Matrix solution provides a great deal of flexibility for dividing administrative
operations. This flexibility is achieved through restricting access (logins) and authorizations. For more
information on authorizations, see “Authorization”.
The BladeSystem Matrix product includes several components that require identification and
authentication for administrative users to gain access. These components include HP SIM, SMH, iLO,
OA, Virtual Connect, HP Insight Dynamics – VSE suite for ProLiant, and Insight Orchestration.
HP SIM provides core authentication services that are utilized by many other BladeSystem Matrix
components such as Insight Control and Insight Dynamics – VSE suite for ProLiant, and they leverage
the underlying Windows infrastructure, including the Active Directory infrastructure, if available.
A computing environment can have several classes of administrators. For example, it is fairly common
to have a server hardware administrator, host system or operating system (OS) administrator,
operator (monitoring administrator), and, as virtualization continues to gain greater adoption, a
virtualization administrator. There can also be separate architects and administrators for the network
and storage specific aspects of the data center environment (as well as security architects who design
appropriate security policies).
Creation of these classes enables you to clearly define what privileged operations can be carried out
for each class. Likewise, these classes clearly identify the privileged actions that a given class cannot
perform.
The following table is an example of how you might apply these administrative classes in a
BladeSystem Matrix environment.