HP Insight Orchestration 6.0 User Guide

A HP Operations Orchestration communication security
This appendix describes the security of the interaction between HP Insight Orchestration and HP Operations
Orchestration.
HP Insight Orchestration integrates with HP Operations Orchestration. Operations Orchestration provides
customizable workflows that can be called at various points during the life of an infrastructure service.
Information about the infrastructure service is exchanged between Insight Orchestration and Operations
Orchestration using HTTPS and (in some cases) SMTP. By default, Insight Orchestration and Operations
Orchestration run on the same Central Management Server (CMS); however, Insight Orchestration and
Operations Orchestration may be configured to run on different servers and exchange data across a
potentially hostile network.
Actions taken by Insight Orchestration and Operations Orchestration are logged.
HP recommends:
• Only trusted administrators have a login on the CMS (default behavior)
• The Insight Orchestration and Operations Orchestration configuration files are available only to trusted
  administrators (default behavior)
• Insight Orchestration template creation and Operations Orchestration flow customization be limited to
  trusted architects (this is default behavior)
• Insight Orchestration and Operations Orchestration are connected by a trusted corporate network and
  not a public or potentially hostile internet (by default Insight Orchestration and Operations Orchestration
  are installed on the same server)
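
The following PowerShell check is an added example, not part of the HP guide or of HP's software. It lists every Allow entry on the Insight Orchestration conf directory (the location of hpio.properties) that is granted to an account outside a trusted list, and flags untrusted owners. The directory path and the trusted-account list are assumptions and must be replaced with site values.

```powershell
# Added example: audit access to the Insight Orchestration configuration files.
# $ConfDir is a placeholder (assumption): set it to the conf directory of the installation.
# $Trusted is an assumption: the accounts the site treats as trusted administrators.
param(
    [string]$ConfDir = 'C:\PLACEHOLDER\Insight Orchestration\conf',
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

function Get-UntrustedAccess {
    # Returns one object per Allow rule (or owner) that is not in the trusted list.
    param([string]$Path, [string[]]$TrustedIdentities)

    $acl = Get-Acl -LiteralPath $Path

    # An untrusted owner can rewrite the ACL, so report it as well.
    if ($TrustedIdentities -notcontains $acl.Owner) {
        [pscustomobject]@{ Path = $Path; Identity = $acl.Owner
                           Rights = 'Owner'; Inherited = $false }
    }

    foreach ($rule in $acl.Access) {
        # Deny rules only restrict access; Allow rules are what widen it.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $id = $rule.IdentityReference.Value
        if ($TrustedIdentities -contains $id) { continue }
        [pscustomobject]@{ Path = $Path; Identity = $id
                           Rights = $rule.FileSystemRights
                           Inherited = $rule.IsInherited }
    }
}

# Check the directory itself and everything beneath it, hidden files included.
$targets = @(Get-Item -LiteralPath $ConfDir -Force) +
           @(Get-ChildItem -LiteralPath $ConfDir -Recurse -Force)

$findings = foreach ($t in $targets) {
    Get-UntrustedAccess -Path $t.FullName -TrustedIdentities $Trusted
}

if ($findings) {
    $findings | Sort-Object Path, Identity | Format-Table -AutoSize
    exit 1   # non-zero so a scheduled audit job can alert on it
}
Write-Output "No access outside the trusted list under $ConfDir"
```

The same script can be pointed at the Operations Orchestration configuration directory by passing its path as -ConfDir.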
Insight Orchestration Operations Orchestration interaction
There are two types of interactions between Insight Orchestration and Operations Orchestration.
• Administrative Actions (see “Administrative actions”)
  Operations Orchestration Workflows invoked during the lifecycle of an infrastructure service that perform
  administrative actions and are configured in Insight Orchestration\conf\hpio.properties.
• Service Actions (see “Service actions”)
  Operations Orchestration Workflows assigned to an infrastructure service template by the Insight
  Orchestration architect. The architect assigns workflows at specific points of the infrastructure service
  lifecycle.
Data passed by Insight Orchestration to Operations Orchestration
The data exchanged between Insight Orchestration and Operations Orchestration includes:
• Date – The date the Operations Orchestration flow was invoked
• User Token – A unique string used to authenticate a response from the user.
• Request XML – Data about an infrastructure service including the servers, disks, networks and storage
  it uses as well as the name of the user of the service
• User XML – Data about an Insight Orchestration user including username, email address, last login
  time and user token (this token cannot be used to connect to Insight Orchestration without username
  and password).
• Disk or Server identifier
• Server Group Name
• Network Interface Card (NIC) identifier
Insight Orchestration and Operations Orchestration communication
Insight Orchestration uses HTTPS communication with the Operations Orchestration Server to invoke Operations
Orchestration workflows and pass any data needed by the workflow. The Operations Orchestration Server
may be located on the same CMS as Insight Orchestration, or may be on a separate server. HP recommends
that Insight Orchestration and Operations Orchestration be on the same trusted corporate network.
The Operations Orchestration workflow runs with Windows Local System privilege and can be customized
to run arbitrary actions such as reading the file system, opening network connections or sending email.