IBM DS8000 HMC security considerations, Security mechanism 1 Console must initiate session, 165

request an IP connection, or if the modem is unavailable, will use voice phone or e-mail to request an IP connection.

Note: The IP connection initiated by the S-HMC will always be to a specific telephone number for modem access or to a specific IP address for internet access.

The communication will be by way of VPN and will use data encryption. This network configuration will position IBM to provide faster support assistance and problem resolution since IBM will be able to connect to the S-HMC relatively quickly and error logs can be transmitted to IBM over a high-speed network. This will eliminate any delays associated with transmitting huge error logs over a dial-up connection.

There can also be a direct connection to the IBM network by way of VPN. This is depicted in the diagram with the arrow from MC1 to the IBM network.

Note: IBM recommends that the S-HMC be connected to the customer’s public network over a secure VPN connection, instead of a dial-up connection.

S-HMC security considerations

Allowing access between the Internet and computers in a customer network brings valid security concerns which need to be addressed. IBM has taken the steps necessary to provide secure network access for the S-HMC. Even after securing access to the S-HMC, there are additional levels of security built into the Service applications available on the S-HMC. In the following sections we discuss the security protection securing access to the S-HMC from the Internet, and then we describe the internal security of the S-HMC itself.

Security mechanism 1 - Console must initiate session

The first security measure that is employed to protect the console is to only allow network sessions or conversations to be initiated from the console itself. This means that there are no applications running on the console that are listening on TCPIP ports to establish a session. If a session is needed from the console to enable a service action, an IBM Service representative may initiate this session by dialing into the console using the modem, and requesting that the console establish the session. This session will only be initiated to one of the defined TCPIP addresses which represent the IBM Service centers.

At installation time, the customer may decide to only allow a service session when manually requested, by the customer, through the console interface. These installation options are briefly described here, and explained in detail in IBM TotalStorage DS8000 Introduction and Planning Guide, GC35-0495.

Security mechanism 2 - Public key encryption

The S-HMC uses a public key encryption mechanism to maintain the security of data exchanged between the console and the IBM Service organization. Each S-HMC, during manufacturing or during the installation process, generates a public encryption key based on the private key that the console will use for encryption and decryption.

During the installation process at the customer site, the IBM SSR will connect to the IBM Service organization, by way of modem, internet connection, or the SSRs MOST portable console, and will transmit the public key for the installed console to a database maintained within the IBM secure network. Whenever IBM Service requires access to the console located at the customer site, the IBM personnel will have to retrieve the console-specific public key from the database and use this key to establish the communication session needed for service.