HP StorageWorks P9000 Command View Advanced Edition Suite Software 7.1.1 Administrator Guide (web) (TB581-96065, September 2011)

CAUTION:
When a P9500, XP24000/XP20000, XP12000/XP10000/SVS200, or XP1024/XP128 storage
system is operated from Element Manager, the storage system communicates directly with Java Web
Start and the Web browser on the management client. For this reason, if the storage system and the
management client are on different networks, you must set up the networks so that the storage system
and the management client can communicate directly with each other.
The following figure illustrates a separate management LAN plus firewalled devices under management.

Figure 3 Second-most secure configuration: separate management LAN plus firewalled devices

Level 3 security: Dual-homed management servers and creating a separate management LAN

In this configuration, the management servers themselves act as the intersection point between the
management LAN and a production LAN. The server running Device Manager or management
applications is dual-homed. One NIC is attached to the management LAN along with the devices
under management, and the second NIC is attached to a production LAN along with the management
clients (for example, the Device Manager GUI). Because the management application servers actually
act as the gateway between the production LAN and the management LAN, and there is no additional
firewall, you must be very sure that the server itself will not route traffic between the two networks.
This configuration is the third most secure, and is more flexible than either the most or second-most
secure configurations. While it protects the devices under management, it does not protect the
management application servers themselves. Thus, the management application servers should be
secured to the maximum possible extent. Additionally, because the management application servers
themselves act as gateways between the two LANs, OS hardening is very important.
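
One way to verify that the dual-homed server will not route traffic between the two networks, shown as an added example that is not part of the HP guide. It assumes a Linux management server (the guide does not name the server OS); the function names and the sample sysctl lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl-style "key = value" lines for IP forwarding.
# Assumption: Linux host. Feed it the live kernel state and the persistent
# configuration, because a reboot can re-enable what is off right now:
#   sysctl -a 2>/dev/null | audit_forwarding
#   cat /etc/sysctl.conf /etc/sysctl.d/*.conf 2>/dev/null | audit_forwarding

# Print every unicast forwarding key whose value is non-zero.
forwarding_findings() {
    awk -F'=' '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub(/\//, ".", key)                  # sysctl also accepts a/b/c keys
            if (key ~ /^net\.ipv4\.ip_forward$/ ||
                key ~ /^net\.ipv[46]\.conf\..+\.forwarding$/) {
                if ((val + 0) != 0) print key "=" val
            }
        }'
}

# Return 0 when nothing forwards, 1 (with the offending keys) otherwise.
audit_forwarding() {
    findings=$(forwarding_findings)
    if [ -n "$findings" ]; then
        printf 'FAIL: forwarding enabled, host can route between NICs:\n%s\n' "$findings"
        return 1
    fi
    echo 'PASS: no IP forwarding key is enabled'
}

# Constructed sample (not output from a real server): eth0 stands for the
# production LAN NIC, eth1 for the management LAN NIC.
sample_sysctl() {
    cat <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv6.conf.all.forwarding = 1
EOF
}

sample_sysctl | audit_forwarding || true   # demo run on the constructed sample
```

A PASS on both the live state and the persistent files covers kernel routing only; host firewall rules and any proxy or relay services on the server need their own review as part of OS hardening.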