Securing Serviceguard Security analysis for HP Serviceguard clusters - Technical white paper

Considerations for Serviceguard Manager
Firewall configuration
Serviceguard Manager, the Serviceguard GUI, sometimes needs to run outside the firewall and outside the security
domain. The Serviceguard Manager functionality uses ports 2301/http and 2381/https. Additionally, port 1118 is
used for Apache-Tomcat communication within the local host.
To enable the use of the Serviceguard GUI outside the firewall, the firewall must be configured to unblock the required ports:
1118, 2301/http and 2381/https. Serviceguard recommends restricting such access as tightly as possible, and never opening it to a
hostile address space.
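The following added example (not part of the white paper or of Serviceguard) audits an `iptables-save` dump for ACCEPT rules that open the three Serviceguard Manager ports to an over-broad source. The sample rules, the `MAX_SOURCES` policy threshold and the function names are assumptions made for illustration; negated matches (`! -s`) are not handled.

```python
import ipaddress
import shlex

SG_MANAGER_PORTS = {1118, 2301, 2381}  # ports named in the paper
MAX_SOURCES = 16  # assumed site policy: no management source wider than a /28

# Constructed iptables-save excerpt; addresses are RFC 5737 documentation ranges.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2381 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2301 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 1118,2301,2381 -j ACCEPT
-A INPUT -p udp -m udp --dport 2301 -j ACCEPT
COMMIT
"""


def expand_ports(spec):
    """Expand '2381', '2301:2381' or '1118,2301' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(rules_text, max_sources=MAX_SOURCES):
    """Return sorted (port, source) pairs for ACCEPT rules that are too broad."""
    findings = set()
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        # Map each option to the token that follows it.
        opt = dict(zip(tok, tok[1:]))
        if opt.get("-i") == "lo" or opt.get("-p", "tcp") != "tcp":
            continue  # loopback traffic and non-TCP rules are out of scope
        spec = opt.get("--dport") or opt.get("--dports")
        # A rule with no port match accepts every port, including these three.
        ports = expand_ports(spec) if spec else SG_MANAGER_PORTS
        source = opt.get("-s", "0.0.0.0/0")  # no -s means any source
        net = ipaddress.ip_network(source, strict=False)
        if net.num_addresses > max_sources:
            findings.update((p, source) for p in ports & SG_MANAGER_PORTS)
    return sorted(findings)


if __name__ == "__main__":
    for port, source in audit(SAMPLE_RULES):
        print(f"tcp/{port} reachable from {source}")
```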
Cluster Object Manager
The Cluster Object Manager can be used from cluster nodes, or from nodes of another cluster, or from nodes not in any
cluster. When used from any node not in the cluster, the node containing the Cluster Object Manager must be inside the
same security domain as the cluster being managed.
Note: The Cluster Object Manager is no longer available on Serviceguard Release A.11.20.00 and later on Linux, and so is
not relevant.
Sniffing concerns
“Sniffing” means examining network packets as they stream by or through one’s computer. If Serviceguard Manager is
being used outside the firewall, great care must be taken to protect the traffic sent by Serviceguard
Manager to the Serviceguard cluster from sniffing. Again, it is not acceptable to simply connect Serviceguard Manager from a hostile
network and begin using it to administer a Serviceguard cluster. Even if Serviceguard Manager is connected from
outside the firewall, blocking all the ports except the ones needed by Serviceguard Manager will secure the connection.
Spoofing concerns
A computer can generally be configured with any IP address its administrator desires. Forging another’s IP address is
easy, and a significant threat outside the trusted network.
Considerations for Quorum Server
The quorum server must exist within the same security domain as the cluster(s) it provides quorum services to. The
quorum server must be protected from attack, similar to any Serviceguard node.
Quorum server is not a threat, but is inside the security domain
The root user in a security domain has opportunities to exploit any system within the domain and therefore needs to be trusted.
Hence, a quorum server that provides the foundational services to a cluster configuration does not create new paths to
a security vulnerability.