HP Adaptive Infrastructure Solution Security for BladeSystem Matrix

very nature also provides new ways to achieve greater degrees of security. The use of virtual servers
in a computing environment introduces numerous security benefits that are either not available or
entail significant cost and effort to achieve in a traditional environment.
One obvious issue with the use of virtualization is the addition of code that performs new
functionality, such as the hypervisor for server virtualization or additional firmware functionality for
logical servers. This additional code results in a larger attack surface, and requires additional security
mitigation to maintain the security level of a traditional computing environment.
The dynamic nature of virtual environments means that identifiers and resources associated with a
physical or virtual server can change. Many programs at the network, system, and application level
expect identifiers associated with a system to remain constant for the life of that system. Traditionally,
identifiers are associated with a physical server and track items such as serial numbers, system ID,
Media Access Control (MAC) address for network cards, and World-Wide Names and Identifiers
(WWN and WWID) for Fibre Channel adapters. In a logical server environment, resource groupings
and relationships are dynamic, requiring unique identities and a way to track the logical servers and
the resources that comprise them. While hypervisors are able to gracefully handle changes, physical
machines can have problems handling identifier changes. The use of logical servers and HP Virtual
Connect technology allows for the graceful handling of these changes for both physical and virtual
servers. The following diagram depicts how HP Virtual Connect handles the network and Fibre
Channel connections when a physical server is moved. In the example, a server instance is running on
Server Blade A with the associated network connections (lan1 and lan2) and the Fibre Channel
connections (san1 and san2). If you move the logical server from Server Blade A to the Spare Server
Blade, or it is moved due to a failover, the associated network (lan1 and lan2) and Fibre
Channel (san1 and san2) connections are automatically moved and associated with the Spare Server
Blade.
Figure 2: HP Virtual Connect - Server Profile Migration for a failed server or reprovisioning
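An added example, not part of the HP document: a check that each MAC address and WWN in an inventory snapshot is bound to exactly one blade after a move like the one described above. The inventory layout, the field names and every identifier value are constructed for illustration and do not come from any HP tool.

```python
import re
from collections import defaultdict

# Constructed snapshot taken after a move from Server Blade A to the spare.
# Blade A still reports the moved identifiers (stale binding or exact clone),
# written in a different notation than the spare blade uses.
INVENTORY = [
    {"blade": "Server Blade A",
     "mac": {"lan1": "02-00-00-00-00-02", "lan2": "02-00-00-00-00-04"},
     "wwn": {"san1": "50:00:00:00:00:00:00:A0", "san2": "50:00:00:00:00:00:00:A2"}},
    {"blade": "Spare Server Blade",
     "mac": {"lan1": "02:00:00:00:00:02", "lan2": "02:00:00:00:00:04"},
     "wwn": {"san1": "50000000000000a0", "san2": "50000000000000a2"}},
    {"blade": "Server Blade B",
     "mac": {"lan1": "02:00:00:00:00:10", "lan2": "02:00:00:00:00:12"},
     "wwn": {"san1": "50000000000000b0", "san2": "50000000000000b2"}},
]


def normalize(value):
    """Reduce an identifier to bare lowercase hex so notations compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())


def find_duplicates(inventory):
    """Return {(kind, identifier): [blades]} for identifiers on more than one blade."""
    seen = defaultdict(set)
    for record in inventory:
        for kind in ("mac", "wwn"):
            for value in record.get(kind, {}).values():
                seen[(kind, normalize(value))].add(record["blade"])
    return {key: sorted(blades) for key, blades in seen.items() if len(blades) > 1}


if __name__ == "__main__":
    for (kind, value), blades in sorted(find_duplicates(INVENTORY).items()):
        print(f"{kind.upper()} {value} is bound on: {', '.join(blades)}")
```

Comparing normalized values matters here because the same address is often recorded with dashes, colons or no separators depending on which component reported it.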
Each logical server has a universally unique identifier (UUID) which is visible to the HP management
components. When a logical server is moved, the UUID moves with it. The logical server UUID is
important to providing proper support for auditing (a key requirement for regulatory compliance) and
software licensing. For instance, creating an exact clone of a system (including all identifiers) could
violate the licensing agreements of the software installed in the logical server, as well as introduce
confusion to inbound traffic to logical servers with duplicate identifiers. In the BladeSystem Matrix
solution, numerous components manage the dynamic aspects of a virtualized environment. For