Securing Virtual Partitions with HP-UX Role-Based Access Control

Introduction
Virtual Partitions (vPars) on HP-UX 11i v2 enables an enterprise to run multiple instances of the HP-UX 11i Operating Environment (OE) simultaneously on one server. With vPars, each OE instance hosts its own set of applications in a software-isolated environment. Running multiple instances of HP-UX on a single server brings benefits such as increased utilization, policy-based resource management, and opportunities for consolidation, but it also demands closer attention to manageability and security: the partitions share one physical machine, so a weakness in the boundary between them affects every OE instance on that server.
Partitioning Security Concerns
From a security perspective, there are three primary areas for consideration with any virtualization solution:

Resource Isolation: How well are the respective OS instances separated? More specifically, what restrictions are placed on hardware resource access (for example, memory access protections), and can one partition read or modify memory, I/O, or CPU state that belongs to another?

Management: Similar to isolation, but specifically with respect to management of the partitioning configuration. Are there access controls (for example, passwords) on the partition configuration? Can a partition configure and/or modify other partitions, and if so, who within that partition is allowed to do it?

Security of the monitor: Is the entity that virtualizes the hardware (for example, the vPars monitor) itself secure? Is it vulnerable to attack from a partition it hosts?
HP provides a number of solutions for partitioning, each with an associated set of trade-offs. A full discussion of these solutions and their security implications is outside the scope of this paper. Instead, this paper focuses on the security implications of the HP-UX vPars product.
Built-in vPars Security Features
To facilitate performance and minimize overhead, some isolation trade-offs were made in vPars; for the highest-risk customer security environments, other HP partitioning solutions with stronger isolation are therefore more appropriate. Despite this, HP included several security features in HP-UX vPars to facilitate its use in certain customer environments. The following is a summary of these features:

By default, non-root users cannot create, modify, or destroy virtual partitions.

A hardware resource must be made available (unassigned from its current partition) before it can be added to a virtual partition, so two partitions cannot silently claim the same resource.

Virtual partition commands can run simultaneously from multiple virtual partitions, but all access to the monitor is serialized, preventing concurrent changes from racing against each other.

The monitor ensures that the on-disk copies of the partition database are synchronized with the partition database held in the monitor's memory, so a partition cannot alter the on-disk copy to obtain a configuration the monitor has not approved.
Possible Approaches to Enhance Virtual Partition Security Management
This white paper addresses a remaining area of security concern for certain vPars deployments.
Specifically, there are some customer environments where the partitions are segmented such that the