Manualshelf

HP Adaptive Infrastructure Solution Security for BladeSystem Matrix

ManualsBrandsHP ManualsSoftwareHP Insight Server Migration X2X Unlimited Migration 1yr Supp/Updates SW License
21222324252627282930
servers and therefore its integrity is a key design goal for HP engineers. Certificates and signed
images are used to ensure the integrity of the iLO management processor. The iLO management
processor firmware image is signed with a private key known only to HP. The iLO boot block uses the
corresponding public key to verify the integrity of the firmware image. A successful check indicates
that the firmware image is from HP and has not been tampered with. After this check passes, the boot
process proceeds.
Next, the boot block verifies the digital signature of the iLO main image code and refuses to transfer
control to the main-line code if the signature is not valid. After successful validation, control is passed
to the iLO processor main image to begin execution. These safeguards ensure the security and
integrity of the iLO through the boot process by preventing the loading of corrupt or rogue firmware.
When operational, the iLO processor incorporates digital signatures, trusted Java™ and ActiveX
applets (used by the Integrated Remote Console) to verify the integrity of data.
Similar safeguards are utilized to ensure the trust and integrity of other critical hardware components
in the BladeSystem Matrix solution such as OA and Virtual Connect.
No matter how well components are designed and solutions architected, failures are unavoidable.
However, the use of failsafe components and high availability architectures can help to minimize
security risks and business disruption. For example, Virtual Connect continues to provide security even
in maintenance and error situations. Virtual Connect supports redundant configurations and a dump
facility that encrypts configuration information and user data, utilizing private key (asymmetric)
encryption, when a system dump is required. The dump can only be decrypted by HP support
engineers. Another example is the Insight Recovery component of the BladeSystem Matrix solution.
Insight Recovery provides the ability to failover logical servers to another site for maintenance or
during system failures. You can configure automated failover to meet disaster recovery needs and to
ensure the availability of critical business services. Another example worthy of consideration is the use
of Microsoft Cluster Services (MSCS) for deployment of your CMS. This approach eliminates a single
point of failure and provides a high availability solution for your CMS.
Power Management
Power and cooling costs represent a significant recurring operating cost for data center operation.
Power and cooling management helps control and significantly reduce these expenses. Appropriate
management is critical to ensure the availability of resources. However, this technology must be
secure to avoid potential security related denial of service attacks.
HP Insight Power Manager supports power capping each c-Class blade or an entire BladeSystem c-
Class enclosure. Configuration and administration of power and cooling related attributes are set
through the OA and the HP SIM interface. The power and cooling configuration parameters are
stored in the OA flash RAM and changes are recorded in the OA log file.
Capacity Planning
HP Capacity Advisor software, the integrated capacity planning functionality within HP Insight
Dynamics – VSE suite for ProLiant, captures server utilization data and virtualization configuration
scenarios to perform capacity planning and simulations. This information is used to help determine the
appropriate placement of application workloads for improved server utilization. Most of the utilization
data consists of an aggregate of information and it is important to provide the appropriate protection.
Some capacity planning tools require data analysis off-site. Using the Capacity Advisor tool
eliminates this issue, keeping data onsite, under your company’s control at all times. No data is sent
to HP and the collected information is protected through file system access controls.
Capacity Advisor is a planning tool so none of the changes made in Capacity Advisor actually affect
real systems. The changes only affect the simulations. Each scenario is owned by the user who
created it and no other user can modify it. Users are allowed to copy each other’s scenarios and
27