HP Adaptive Infrastructure Solution Security for BladeSystem Matrix

iLO, OA, VC, and EVA auditing
In addition to the HP SIM audit logs, several significant audit logs are associated with hardware
devices in the BladeSystem Matrix environment: the audit trails kept by the iLO, the OA, and Virtual
Connect, and the CommandView log for the EVA. Each is held on a different component and under a
different protection model, so each needs to be collected separately.
The OA and iLO each maintain an event log containing date- and time-stamped records for
configuration, operational, and security events that occur in these devices. The logs can be examined
through a browser interface. Automated examination of the logs can be carried out through XML
commands, and events can be filtered by date/time and by authenticated user.
The CommandView EVA software maintains an audit log on its host platform. The audit log consists of
a flat file on the CommandView server, which is protected only by Windows file access permissions;
the ACL on that file, and the administrative access to the CommandView host itself, are therefore
the controls that determine who can read or alter the EVA audit trail.
The Virtual Connect audit mechanism records all modifications to the Virtual Connect configuration.
The information contained in a Virtual Connect audit record includes a timestamp, the username, how
the user is logged in (locally or remotely), an IP address for remote login through a browser, an object
type, an object identifier, severity of the event, and a textual description of the administrative action
performed.
Virtual Connect writes audit records to a log file in flash memory. When the log file grows to a
predetermined size of 256KB, a log file rollover takes place. Because the log files are stored in limited
space on flash memory, and because a rollover overwrites the previous log file, records older than the
rollover are no longer recoverable from the device. HP therefore recommends that you periodically
back up the audit logs to a centralized server so that the data is available for later analysis and
reporting; the backup interval should be short enough that the log cannot fill and roll over between
two collections on a busy domain.
A web-browser-based tool is available to view the audit log records. This rudimentary tool does not
support filtering of events. However, the audit records are in ASCII format, so it is straightforward to
parse and filter them on a UNIX or Windows system once they have been copied off the device.
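Because the browser tool cannot filter and the records are plain text, a small parser is enough to answer the questions an investigator actually asks of this log: which changes did a given user make in a time window, which of them were severe, and which remote administrative sessions came from outside the management network. The following Python is an added example and is not HP code; Virtual Connect's real export layout is not given on this page, so the pipe-delimited field order, the severity ranking, and the sample records below are all assumptions constructed for illustration from the field list above (timestamp, user, local/remote login, IP address, object type, object identifier, severity, description).

```python
"""Parse and filter Virtual Connect style audit records (added example).

ASSUMPTION: the record layout used here is invented for this example. The page
lists the fields a VC audit record carries but not their delimiter or order, so
adjust parse_record() to match the exported log from your own domain.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional

# Constructed sample records (not captured from a real device). Pipe-delimited,
# one record per line; the IP field is empty for local (console) logins.
SAMPLE_LOG = """\
2010-03-04 09:15:02|admin|local||DOMAIN|vcdomain1|INFO|Domain configuration saved
2010-03-04 10:02:41|opsuser|remote|10.10.1.25|NETWORK|prod_vlan_100|INFO|Network prod_vlan_100 modified
2010-03-04 23:48:09|admin|remote|203.0.113.77|USER|backup_svc|WARNING|Local user backup_svc created
2010-03-05 00:03:55|admin|remote|203.0.113.77|PROFILE|blade07_profile|MAJOR|Server profile blade07_profile assigned
2010-03-05 08:30:00|opsuser|remote|10.10.1.25|PROFILE|blade07_profile|INFO|Server profile blade07_profile unassigned
"""

# ASSUMED severity ranking, lowest to highest; VC's own names may differ.
SEVERITY_ORDER = {"INFO": 0, "WARNING": 1, "MAJOR": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class AuditRecord:
    timestamp: datetime
    user: str
    login: str                              # "local" or "remote"
    ip: Optional[ipaddress.IPv4Address]     # None for local logins
    object_type: str
    object_id: str
    severity: str
    description: str


def parse_record(line: str) -> AuditRecord:
    """Split one ASCII audit line into typed fields; reject malformed lines."""
    fields = line.rstrip("\r\n").split("|")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {line!r}")
    ts, user, login, ip, otype, oid, sev, desc = fields
    return AuditRecord(
        timestamp=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        user=user,
        login=login,
        ip=ipaddress.IPv4Address(ip) if ip else None,
        object_type=otype,
        object_id=oid,
        severity=sev,
        description=desc,
    )


def parse_log(text: str) -> List[AuditRecord]:
    """Parse a whole exported log, skipping blank lines."""
    return [parse_record(l) for l in text.splitlines() if l.strip()]


def filter_records(records: Iterable[AuditRecord], *,
                   user: Optional[str] = None,
                   start: Optional[datetime] = None,
                   end: Optional[datetime] = None,
                   min_severity: Optional[str] = None) -> List[AuditRecord]:
    """Filter by user, inclusive time window and minimum severity."""
    floor = SEVERITY_ORDER[min_severity] if min_severity else -1
    out = []
    for r in records:
        if user is not None and r.user != user:
            continue
        if start is not None and r.timestamp < start:
            continue
        if end is not None and r.timestamp > end:
            continue
        if SEVERITY_ORDER.get(r.severity, 0) < floor:
            continue
        out.append(r)
    return out


def remote_logins_outside(records: Iterable[AuditRecord],
                          allowed_nets: Iterable[str]) -> List[AuditRecord]:
    """Remote administrative actions whose source IP is not in the management nets."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return [r for r in records
            if r.login == "remote" and r.ip is not None
            and not any(r.ip in n for n in nets)]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in filter_records(recs, user="admin", min_severity="WARNING"):
        print(f"{r.timestamp} {r.severity:8} {r.object_type}/{r.object_id}: {r.description}")
    for r in remote_logins_outside(recs, ["10.10.0.0/16"]):
        print(f"OUTSIDE MGMT NET: {r.timestamp} {r.user} from {r.ip}: {r.description}")
```

Run against a log copied off the module during the periodic backup described above, not against the device's flash copy, so that the analysis also covers records that have since rolled over. Any line that fails to parse is raised rather than silently dropped: a malformed record in an audit trail is itself worth looking at.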
The use of audit data from the BladeSystem Matrix solution helps to detect potential security issues
and assists in debugging and damage control if a security issue occurs.
Configuration management and maintenance
As expected with a solution as comprehensive as BladeSystem Matrix, there are numerous aspects of
configuration management and maintenance to describe. This section addresses the more significant
and interesting aspects of security found in the BladeSystem Matrix solution.
HP SIM is tightly integrated with many devices. The HP SIM discovery process is used to find
devices on specified network segments. After discovery, you can configure these devices to be
managed from the CMS by HP SIM. For instance, as part of the discovery process HP SIM checks for
the presence of iLO devices. Important configuration information from the iLO, including the server
serial number, the iLO status, the iLO serial number, and the hardware and firmware versions, is
captured by the HP SIM software and recorded in an inventory or asset log. You can control how much
of this information is shared with HP SIM using the configuration options on the device itself.
An infrequent but highly sensitive operation is the updating of firmware revisions. These updates can
be applicable to most hardware devices in the BladeSystem Matrix solution, including iLO, OA, Virtual
Connect, server blades, and the EVA. Only an appropriately privileged administrator can download
new firmware to the device, and the signature of the firmware image is validated first, to ensure that the
image has been provided by HP. Only after the signature check passes is the image uncompressed and
validated again to confirm the integrity of the firmware image before it is loaded into the hardware
device. Because firmware rollback is itself an update, the same privilege and signature checks apply
to loading an older revision.
The firmware is a critical controlling component for the booting and ongoing operation of hardware
devices. Due to the highly sensitive nature of these operations, appropriate protections must be
utilized. For example, the iLO management processor is a key component for the management of