1.6 Security features

CATA (Comprehensive Applications Threat Analysis) is a powerful HP security quality assessment tool designed to substantially reduce the number of latent security defects. The design of the HP OneView appliance employed CATA fundamentals and underwent CATA review. To ensure a secure platform for data center management, the appliance includes feature such as the following:

Separation of the data and management environments, which is critical to avoid takeover in DoS (Denial of Service) attacks. For example, the appliance is designed to operate entirely on an isolated management LAN; access to the production LAN is not required. The managed devices remain online in the event of an appliance outage.

RBAC (role-based access control), which enables an administrator to quickly establish authentication and authorization for users based on their responsibilities for specific resources. RBAC also simplifies what is shown in the UI:

Users can view only the resources for which they are authorized. For example, the appliance does not display screens that do not apply to users with the role of Network administrator, such as the Server Profiles and Server Hardware screens.

Users can initiate actions only for the resources for which they are authorized. For example users with the role of Network administrator can initiate actions for the network resources only, and users with the role of Server administrator can initiate actions for the server resources only.

Users with the role of Infrastructure administrator have full access to all screens and actions.

Single sign-on to iLO and Onboard Administrator without storing user-created iLO or Onboard Administrator credentials.

Audit logging for all user actions.

Support for authentication and authorization using an optional directory service such as Microsoft Active Directory.

Use of certificates for authentication over SSL (Secure Sockets Layer).

A firewall that allows traffic on specific ports and blocks all unused ports.

A UI that restricts access from host operating system users.

Data downloads that are restricted to support dump files (encrypted by default), encrypted backup files, audit logs, and certificates.

For detailed security information, see “Understanding the security features of the appliance” (page 45).

1.7 Availability features

HP OneView separates the management appliance from the managed resources. In the unlikely event that the appliance experiences an outage, the managed resources continue to run.

HP OneView is delivered as a virtual appliance running in a VMware vSphere virtual machine. The VMware vSphere Hypervisor provides the virtual machine with high-availability and recovery capabilities that allow the virtual machine to be restarted on another host in the cluster and to resume management without disruption to the managed resources.

Configuring the appliance for availability is described in “Managing appliance availability” (page 153).

24 Learning about HP OneView

Page 24
Image 24
HP OneView manual Security features, Availability features