HP StorageWorks P9000 Command View Advanced Edition Suite Software 7.1.1 Administrator Guide (web) (TB581-96065, September 2011)

CAUTION:
When a P9500, XP24000/XP20000, XP12000/XP10000/SVS200 or XP1024/XP128 storage
system is operated from Element Manager, the storage system communicates directly with Java
Web Start and the Web browser on the management client. For this reason, if the storage system
and the management client are on different networks, you must set up the networks so that the storage
system and the management client can communicate directly with each other.
The following figure illustrates a separate management LAN with a firewall configuration.
Figure 2 Most secure configuration: separate management LAN plus firewall

Level 2 security: Placing managed devices behind the firewall and creating a separate management LAN
In this configuration, the machine hosting the Device Manager server and all other application servers
must be single-homed, and the actual managed devices must be separated from Device Manager by
a firewall. The firewall's rules allow a storage system to be accessed only by the Device Manager
server or by any other required management application. Management clients accessing Device
Manager are not allowed to pass traffic through the firewall to directly talk to a managed storage
system, but can directly participate in management operations via Device Manager or a management
application.
This configuration is the second most secure, and is more flexible than the most secure option. While
this configuration protects the devices under management, it does not protect the management
application servers themselves. Therefore, all management application servers should be hardened
to the maximum possible extent.
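
The firewall rule described for this configuration can be checked mechanically. The following Python sketch is an added example, not part of the HP guide or the product: it evaluates a first-match rule list and reports any source other than the approved servers that can reach a storage system, as well as any approved server that is blocked. All addresses, the rule format and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (documentation ranges); none come from the guide.
DEVICE_MANAGER = ipaddress.ip_address("192.0.2.10")   # Device Manager server
MGMT_CLIENT = ipaddress.ip_address("192.0.2.50")      # management client, same LAN
STORAGE_HOSTS = [ipaddress.ip_address("198.51.100.20")]  # storage behind the firewall

# Hypothetical rule format: (action, source network, destination network).
# LOOSE opens the whole management LAN; STRICT admits only the server.
LOOSE = [("allow", "192.0.2.0/24", "198.51.100.0/24")]
STRICT = [
    ("allow", "192.0.2.10/32", "198.51.100.0/24"),
    ("deny", "0.0.0.0/0", "198.51.100.0/24"),
]


def first_match(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    for action, src_net, dst_net in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)):
            return action
    return "deny"


def audit(rules, approved, probes, storage_hosts):
    """Compare what the ruleset permits with the Level 2 policy.

    Returns (unexpected, missing):
      unexpected - (src, dst) pairs allowed although src is not an approved server
      missing    - (src, dst) pairs denied although src is an approved server
    """
    unexpected, missing = [], []
    for dst in storage_hosts:
        for src in probes:
            allowed = first_match(rules, src, dst) == "allow"
            if allowed and src not in approved:
                unexpected.append((str(src), str(dst)))
            elif not allowed and src in approved:
                missing.append((str(src), str(dst)))
    return unexpected, missing


if __name__ == "__main__":
    approved = {DEVICE_MANAGER}
    probes = [DEVICE_MANAGER, MGMT_CLIENT]
    for name, rules in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, audit(rules, approved, probes, STORAGE_HOSTS))
```

A non-empty first list means management clients can pass traffic through the firewall to a storage system, which this configuration does not allow.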