HP Insight Control Server Provisioning 7.3 Update 1 Administrator Guide

11 Security considerations
Insight Control server provisioning is delivered as a security-hardened virtual appliance. The number
of open ports and the protocols supported on them have been limited to the minimum necessary
for the operation of Insight Control server provisioning.
Architecture overview
Figure 3 Insight Control server provisioning hardening
[Diagram not reproduced. Labels in the figure: Insight Control server provisioning virtual appliance, virtual hard disk, virtual NIC, appliance IP, deployment IP (alias), hypervisor, Media Server (Windows), Microsoft IIS, SMB/CIFS share, OS distros & images, client, console, browser, Windows target, Linux or VMware target, iLO, deployment NIC, production NIC, Deployment Network, Production Network.]
Assumptions
The appliance should be on a deployment network, separate from the production network (see
“Best practices for maintaining a secure appliance” (page 60) for more information). Additionally,
access to the virtual appliance console should be restricted to authorized users (see “Restricting
console access” (page 71) for more information).
The appliance needs access to the iLOs on target servers as well as their deployment NICs. A
network configuration includes a separate management network that connects to target iLOs and
a deployment network with DHCP and PXE that connects to target deployment NICs. This type of
configuration will require a router between the management and deployment networks to provide
access to the target iLOs via the deployment network.
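
The following is an added example, not part of the HP guide or the product: a small Python check that an addressing plan matches the assumptions above (deployment network separate from production, iLOs on a separate management network reached through a router). The function name, parameters and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: target name -> iLO address (not from the guide).
SAMPLE_ILOS = {
    "target-01": "10.30.0.11",   # on the management network
    "target-02": "10.10.0.12",   # directly on the deployment network
    "target-03": "192.168.5.9",  # on no network in the plan
}

def check_plan(deployment, production, management, gateway, ilo_addrs):
    """Return a list of findings; an empty list means the plan fits the assumptions."""
    dep = ipaddress.ip_network(deployment)
    prod = ipaddress.ip_network(production)
    mgmt = ipaddress.ip_network(management)
    findings = []

    # Assumption: the deployment network is separate from production.
    if dep.overlaps(prod):
        findings.append(f"deployment {dep} overlaps production {prod}")

    # Assumption: a router on the deployment network gives the appliance
    # a path to iLOs that live on the management network.
    gw = ipaddress.ip_address(gateway) if gateway else None
    if gw is not None and gw not in dep:
        findings.append(f"router {gw} is not on deployment network {dep}")

    for name, addr in sorted(ilo_addrs.items()):
        ip = ipaddress.ip_address(addr)
        if ip in dep:
            continue  # on-link from the appliance, no router needed
        if ip not in mgmt:
            findings.append(f"{name}: iLO {ip} is on no planned network")
        elif gw is None:
            findings.append(f"{name}: iLO {ip} needs a router from {dep} to {mgmt}")
    return findings

if __name__ == "__main__":
    for line in check_plan("10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24",
                           None, SAMPLE_ILOS):
        print(line)
```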