HP Insight Management 7.0 Getting Started Guide (7.0 and 7.1)

The HP Systems Insight Manager User Guide describes communication between entities that help
you design and configure your environment to ensure the maximum level of security, including
deciding where firewalls are needed and which ports must remain open for management traffic.
Most security policies and practices in a traditional environment are applicable in a virtualized
environment. However, in a virtualized environment, these policies might require modifications
and additions.
The following security practices are recommended by HP in a virtualized environment. This is only
a partial list because differing security policies and implementation practices make it difficult to
provide a complete and definitive list. However, these recommendations are a good starting point:
- Use a separate management network. For security and performance reasons, HP recommends:
  - Establishing a private management network separate from the data network
  - Granting access to the management network only to administrators
  - Using a firewall to restrict traffic into the management network
- Eliminate or disable nonessential services. Configure all host systems, management systems, and network devices so that nonessential services are either eliminated or disabled, including networking ports when not in use. This can significantly reduce the number of attack vectors in your environment.
- Ensure that a process is in place to periodically check for and install patches for all software in your environment.
- Address the use of virtualization in your corporate security policy and processes. For example:
  - Educate administrators about changes to their roles and responsibilities in a virtual environment.
  - If an Intrusion Detection System (IDS) is being used in your environment, ensure that the IDS solution has visibility into network traffic in the virtual switch (within a hypervisor).
  - Mitigate potential sniffing of VLAN traffic by turning off promiscuous mode in the hypervisor and by encrypting traffic flowing over the VLAN.
    NOTE: In many cases, if promiscuous mode is disabled in the hypervisor, it cannot be used on a VM guest (the guest can enable it, but it will not be functional).
  - Maintain zones of trust (DMZ separate from production machines).
  - Clearly define administrative roles and responsibilities (host administrator, network administrator, and virtualization administrator). Use the Systems Insight Manager toolbox and Virtual Connect role capabilities to distinguish these roles.
- Achieve a higher level of security for components that are delivered with certificates signed by the provider (for instance Systems Insight Manager and HP System Management Homepage) by replacing those certificates with certificates from a trusted certificate authority at deployment time.
- Implement directory services. Directory services enable a consistent authentication and authorization process throughout the environment. You can also use directories for role-based access control.
- Do not use local accounts. However, if you do use local accounts, HP recommends that you periodically change the passwords as follows:
  - Change default passwords immediately to a more relevant and secure password
  - Change management device passwords with the same frequency and according to the same guidelines as server administrative passwords
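The firewall restriction in the first recommendation (traffic into the management network admitted only for administrators), as an added example that is not part of the HP guide: a POSIX shell script that renders an nftables ruleset for the NIC on the private management network, with a default-drop policy and an accept rule limited to the administrators' subnet and the listed ports, plus a check that rejects any ruleset whose default policy is accept. The interface name `eth1`, the subnet `10.0.50.0/24` and the port list `22, 443` are placeholders assumed here; the actual ports that must stay open come from the Systems Insight Manager User Guide for your deployment.

```shell
#!/bin/sh
# Added example, not from the HP guide: render an nftables ruleset for the
# NIC on the private management network. Management services are reachable
# only from the administrators' subnet and only on the listed ports; every
# other packet arriving on that NIC is logged and dropped.
# Assumptions (placeholders, not from the guide): interface "eth1", subnet
# 10.0.50.0/24 and ports "22, 443". Replace the port list with the ports the
# Systems Insight Manager User Guide says must stay open for your deployment.

render_mgmt_ruleset() {
    mgmt_if="$1"      # interface on the management network, e.g. eth1
    admin_cidr="$2"   # administrators' subnet, e.g. 10.0.50.0/24
    mgmt_ports="$3"   # comma-separated TCP ports, e.g. "22, 443"
    cat <<EOF
table inet mgmt {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # ICMP stays open so reachability problems remain diagnosable
        ip protocol icmp accept
        # management services: only from the admin subnet, only the listed ports
        iif "$mgmt_if" ip saddr $admin_cidr tcp dport { $mgmt_ports } accept
        # anything else reaching the management NIC is logged, then dropped
        iif "$mgmt_if" log prefix "mgmt-drop: " drop
    }
}
EOF
}

# Contrast check: a chain whose default policy is accept restricts nothing,
# whatever rules follow it. Returns 0 only when no chain on stdin says
# "policy accept".
ruleset_is_default_drop() {
    ! grep -E 'policy[[:space:]]+accept' >/dev/null
}

# Dry-run syntax check with nft when it is installed (-c parses without loading).
validate_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Usage: sh mgmt-fw.sh eth1 10.0.50.0/24 "22, 443" | sudo nft -f -
if [ "$#" -ge 2 ]; then
    render_mgmt_ruleset "$1" "$2" "${3:-22, 443}"
fi
```

Load the rendered ruleset with `nft -f -` only after `validate_ruleset` accepts it and after confirming the admin subnet and port list against the User Guide; a default-drop policy on the wrong interface name locks administrators out of the management server.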
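Three of the recommendations above reduce to checks a host administrator can script: listening ports that are not on the approved list (nonessential services), interfaces left in promiscuous mode, and local-account passwords that have not been rotated within policy. The following shell script is an added example, not part of the HP guide. Each check is a function over text input so it runs offline; the sample `ss`, `ip` and shadow lines are constructed here, and the allowlist `22 443` and the 90-day maximum password age are assumed policy values. The promiscuous-mode check reads Linux interface flags on a host or guest; a hypervisor's own virtual-switch setting is inspected through that hypervisor's management tools instead.

```shell
#!/bin/sh
# Added example, not from the HP guide: host-side checks for three of the
# recommendations above, written as functions over text input so they can
# run offline. The sample ss, ip and shadow lines below are constructed;
# audit_host feeds the live equivalents instead. Allowlist and 90-day
# maximum age are assumed policy values, not values from the guide.

# 1. Nonessential services: TCP listeners whose port is not on the allowlist.
#    Input: `ss -Hlnt` lines, e.g. "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"
#    Output: each unexpected port once.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # keep only the port after the last colon
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# 2. Promiscuous mode: interfaces whose flags include PROMISC.
#    Input: `ip -o link show` lines, e.g. "3: eth1: <BROADCAST,PROMISC,UP> mtu 1500 ..."
promisc_interfaces() {
    awk -F': ' '$3 ~ /[<,]PROMISC[,>]/ { print $2 }'
}

# 3. Local accounts: usable passwords last changed more than max days ago.
#    Input: /etc/shadow lines; field 2 is the hash (locked when it starts with
#    ! or *), field 3 the day of the last change counted from the epoch.
stale_passwords() {
    awk -F: -v today="$1" -v max="$2" '
        $2 != "" && $2 !~ /^[!*]/ && (today - $3) > max { print $1 }'
}

# Live run on the local host (needs root for /etc/shadow): audit_host "22 443" 90
audit_host() {
    today=$(( $(date +%s) / 86400 ))
    echo "== listeners not in allowlist ($1)"; ss -Hlnt | unexpected_listeners "$1"
    echo "== interfaces in promiscuous mode";  ip -o link show | promisc_interfaces
    echo "== passwords older than $2 days";    stale_passwords "$today" "$2" < /etc/shadow
}

# Constructed sample input so the three checks can be exercised offline.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 64 0.0.0.0:23 0.0.0.0:*
LISTEN 0 50 127.0.0.1:25 0.0.0.0:*'
SAMPLE_IP='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP'
SAMPLE_SHADOW='root:$6$constructed$hash:19000:0:99999:7:::
admin:$6$constructed$hash:19300:0:99999:7:::
svc:*:18000:0:99999:7:::
guest:!:18000:0:99999:7:::'

printf '%s\n' "$SAMPLE_SS"     | unexpected_listeners "22 443"   # prints 23 and 25
printf '%s\n' "$SAMPLE_IP"     | promisc_interfaces              # prints eth1
printf '%s\n' "$SAMPLE_SHADOW" | stale_passwords 19350 90        # prints root
```

Run `audit_host` from a scheduled job on each management host and treat any non-empty section as a finding: a listener outside the allowlist is either a service to disable or an entry to add to the approved list with a documented reason, and a `PROMISC` flag on a management-network interface undoes the VLAN-sniffing mitigation described above.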
Recommendations for security policies and practices 7