HP Adaptive Infrastructure Solution Security for BladeSystem Matrix

components comprise the BladeSystem Matrix solution, but several key components provide the
substantive security model for the BladeSystem Matrix solution.
HP Systems Insight Manager (HP SIM) software is the foundation component providing the security
model and security services to many other BladeSystem Matrix components. Therefore, HP SIM is the
focal point for security coverage in many sections of this paper. The components that make up the
BladeSystem Matrix solution are modular and many can be purchased as individual components for
standalone use outside of the BladeSystem Matrix solution. Therefore, individual components can
provide additional localized security mechanisms.
Insight software portfolio components built on top of HP SIM include Insight Dynamics – VSE suite for
ProLiant, Insight Orchestration, and HP Insight Recovery for disaster recovery. This white paper
demonstrates the key security protections available with HP SIM. In addition to HP SIM, the Systems
Management Homepage software, which is used for host management, is also a key security
component.
The BladeSystem c-Class enclosure includes Virtual Connect for managing virtual configurations within
the enclosure, the Onboard Administrator for managing hardware (blades, fans, power supplies,
switches, and more) in the enclosure, and an iLO associated with each blade for direct administration
of the physical ProLiant or Integrity server. Each component offers a full range of security mechanisms
addressing authentication, authorization, data confidentiality, and integrity. The following table is an
overview of the key security-related BladeSystem Matrix components.
Component Description

HP Systems Insight Manager
HP SIM software is a core component of the Insight infrastructure management software
portfolio and provides many core management services that are utilized by other Insight
software portfolio components and components external to the Insight software portfolio.
Among these core services is a fundamental security model and associated security
services provided by HP SIM. HP SIM provides flexibility, allowing environments to tailor
the security mechanisms to meet the local site security policy.
HP SIM utilizes secure communication protocols and provides an audit facility that logs
entries for important system activities (executed tasks, authorization modifications, user
login and logout). In a BladeSystem Matrix environment, HP SIM runs on a Windows
Central Management Server (CMS). HP SIM leverages Microsoft Windows security and
Active Directory services for authentication and authorization, and provides extensive
authorization mechanisms (combining individual HP SIM users with specific toolboxes
and specific target elements). HP SIM provides the backbone of the BladeSystem Matrix
solution security model.

HP System Management Homepage
HP System Management Homepage (SMH) software is a Web-based interface that
consolidates and simplifies single system management for HP ProLiant and Integrity
servers running a variety of operating environments (including Windows, Linux, and
HP-UX). SMH leverages the authentication and authorization mechanisms of its host
operating system and integrates with the security mechanisms of HP SIM.

Onboard Administrator
The Onboard Administrator (OA) is the management controller that resides within each
BladeSystem c-Class enclosure. Redundant OA configurations enable greater
availability. The OA works with the iLO management processors on each server blade
to form the core of the management architecture for the HP BladeSystem c-Class
environment. OA also collects system parameters related to thermal and power status,
system configuration, and managed network configuration, and controls various
hardware components (such as fans, power supplies, and blades).

Integrated Lights-Out
The Integrated Lights-Out (iLO) management processor on each HP ProLiant or Integrity
server provides administrators with powerful system configuration and maintenance
capabilities. The sensitive nature of these operations requires a high degree of security.
The iLO management processor is designed to satisfy the needs of high security
environments and offers numerous alternatives to meet deployment site security policies.

HP Virtual Connect
HP Virtual Connect implements server edge virtualization, allowing server administrators
to upgrade, replace, or move server blades within their enclosures without these