HP Matrix Operating Environment 7.2 Update 1 Infrastructure Orchestration User Guide

A HP Operations Orchestration communication security
This appendix describes the security of the interaction between Matrix infrastructure orchestration
and HP Operations Orchestration.
Matrix infrastructure orchestration integrates with Operations Orchestration. Operations
Orchestration provides customizable workflows that can be called at various points during the life
of an infrastructure service. Information about the infrastructure service is exchanged between
infrastructure orchestration and Operations Orchestration using HTTPS and (in some cases) SMTP.
By default, IO and OO run on the same Central Management Server (CMS); however, they may be
configured to run on different servers and exchange data across a potentially hostile
network.
Actions taken by infrastructure orchestration and Operations Orchestration are logged.
HP recommends:
• Only trusted administrators have a login on the CMS (default behavior)
• The infrastructure orchestration and Operations Orchestration configuration files are available
  only to trusted administrators (default behavior)
• Matrix infrastructure orchestration template creation and Operations Orchestration flow
  customization be limited to trusted architects (this is default behavior)
• Matrix infrastructure orchestration and Operations Orchestration are connected by a trusted
  corporate network and not a public or potentially hostile internet (by default infrastructure
  orchestration and Operations Orchestration are installed on the same server)
Matrix infrastructure orchestration and Operations Orchestration interaction
There are two types of interactions between infrastructure orchestration and Operations
Orchestration.
Administrative Actions
Operations Orchestration workflows invoked during the lifecycle of an infrastructure service
that perform administrative actions and are configured in
..\Program Files\HP\Matrix infrastructure orchestration\conf\hpio.properties.
Service Actions
Operations Orchestration workflows assigned to an infrastructure service template by the
infrastructure orchestration architect. The architect assigns workflows at specific points of the
infrastructure service lifecycle.
Data passed by infrastructure orchestration to Operations Orchestration
The data exchanged between infrastructure orchestration and Operations Orchestration includes:
• Date – The date the Operations Orchestration flow was invoked.
• User Token – A unique string used to authenticate a response from the user.
• Request XML – Data about an infrastructure service including the servers, disks, networks and
  storage it uses, as well as the name of the user of the service.
• User XML – Data about an infrastructure orchestration user including user name, email address,
  last login time and user token (this token cannot be used to connect to infrastructure orchestration
  without user name and password).
• Disk or Server identifier
• Server Group Name
• Network Interface Card (NIC) identifier