Managing HP Servers through Firewalls with Insight Management 7.0
Introduction
Managing systems in a secure environment is a challenge that most system administrators face. It
requires a careful balance between critical security requirements and the need to effectively manage
and maintain the systems.
Within an Internet-connected architecture, there is typically a more secure zone, commonly referred to as
the demilitarized zone (DMZ). This zone is positioned between the corporate servers and the Internet,
usually separated from both by firewalls that restrict traffic flow. With this architecture, servers that
provide publicly available Internet services can be accessed through a firewall, but those same services
cannot reach the internal network. This more secure zone provides an area that is isolated from the
internal network and is hardened against external attack (Figure 1). The security challenges in the
DMZ are similar to those in other areas of a network that require special security attention.
Figure 1 Block diagram of a generic corporate computing environment
Through three sample case studies, this paper explores options for managing HP systems in the DMZ.
It explains the benefits and risks associated with each option. Information in this paper should allow
system administrators to tailor solutions for their own computing environments, based on the levels of
management they need and the security risk level they are willing to take.
In Case 1, most management protocols are prohibited from entering the secure network, and the
management solution is not allowed to violate any security restriction. This solution is not
recommended, because the administrator cannot manage the hardware in the DMZ at all. It completely
eliminates the use of HP management tools such as HP Insight Control.
In Case 2, a completely separate network is used for management. This solution has the benefit of
completely segregating management traffic from the primary network and allowing a full spectrum of
management capabilities (because management protocols never have to cross the production firewall).
However, it is the most expensive option in terms of hardware and infrastructure costs. In return for that
additional hardware and infrastructure, this option allows the use of iLO 2 to securely manage
hardware in the DMZ. Of the two options that provide management capabilities in the DMZ (Cases 2
and 3), this one carries the lowest risk of intrusion or security breach.
In Case 3, management protocols are allowed, and management traffic is permitted to travel through
the firewall to HP Insight Control. This results in a fully featured management solution at a measured
risk. Because the infrastructure uses a single network for both management and production traffic, this
option does increase the exposure to intrusion or security breach.
The intended audience for this paper is engineers and system administrators familiar with existing HP
technology and servers. The paper does not attempt to define and explain all the security concepts
and topics mentioned. Instead, it refers readers to resources containing that information.