Manualshelf

HP 3PAR InForm OS Common Criteria Administrator's Reference (QL226-96586, October 2012)

ManualsBrandsHP ManualsComputer AccessoriesHP 3PAR InForm V400/4x600GB 15K Magazine LTU
21222324252627282930
Operating in Common Criteria Mode 24
Configuration Steps for CC Operation
The following steps should have been taken by customers, in cooperation with HP 3PAR
authorized installers, to configure the HP 3PAR Storage System for CC evaluated
configuration operation (to verify that you are actually running in the CC evaluated
configuration, see “CC Configuration Validation” on page 28).
WARNING
If any of these steps are omitted, the system will not be in the evaluated configuration.
1. Unsecured ports All unsecured ports must be disabled to operate in the evaluated
configuration.
a. On new installations, the authorized installer uses the “Out-of-the-Box” (OOTB)
process to initialize the new system.
This process allows for the configuration of basic system resources and
requirements to be customized to the local site (e.g., IP network configuration,
spare disk sizes). The process asks the installer if all unsecured ports are to be
disabled.
b. On system upgrades, the authorized installer logs into the system console as root
and executes the netcconf command.
This is a subset of the OOTB process described for new systems, above. The
process asks the installer if all unsecured ports are to be disabled.
2. CIM should not be enabled in the evaluated configuration
a. On new systems, the authorized installer should not enable CIM while conducting
the OOTB process. Additionally, administrators should not issue the startcim CLI
command.
b. On upgraded systems, the system administrator should issue the stopcim CLI
command to disable CIM, if it was in use, and not use the startcim command.
3. SNMP should not be used in the evaluated configuration.
a. On new systems, administrators should not use the addsnmpmgr and
createsnmpuser CLI commands.
b. On upgraded systems, administrators should disable SNMP using the following CLI
commands: removesnmpmgr, removesnmpuser (for each user created),
removesnmppw –r, removesnmppw rw, and removesnmppw –w.
4. The deprecated CLI ports (MgmtOldPorts) should be disabled in the evaluated
configuration by an administrator.
a. Use the showsys mgmtoldports CLI command to check if the ports are
already disabled.
If the ports are disabled, proceed to step 5.