Information security – HP Matrix Operating Environment Software User Manual

A service provider administrator assigns service provider users to templates. However, an
organization administrator cannot assign organization users to templates. An organization user
has access to all of the templates assigned to that organization.

A Windows user may be both a service provider user and an organization user. In this case, if
the Windows user logs into the self service portal, the user will have access to the templates to
which he/she is assigned. If the Windows user logs into the organization administrator portal, the
user has access to all of the templates assigned to the organization.

Table 9 Resources visible to service provider and organization administrators and users

Organization
user/group access

Organization
administrator
access

Service provider
user access

Service provider
administrator
controls

Origination

Resource

Visible if assigned
to the organization

Visible if assigned
to the organization

Visible if
published. If

Assign to one or
more

Created by IO
architect using

Infrastructure
orchestration
templates

by the

by the service

access restrictions

organizations

infrastructure

organization

provider

are enabled,

and/or restrict

orchestration
designer

administrator
(published only)

administrator
(published and
unpublished)

visible if
published AND
the template is

service provider
user/group access

assigned to the
user/group

Visible if assigned
to the organization

Visible if assigned
to the organization

No restrictions

Assign to one or
more
organizations

1

Created or
discovered by IO;
can be edited by
service provider
administrator

Networks

by the
organization
administrator

by the service
provider
administrator

Visible if assigned
to the organization

Visible if assigned
to the organization

Visible if resource
is kept at the

Keep at service
provider or assign

Discovered by IO

Compute
resources

and the user is

by the service

service provider

to one
organization

(physical servers,
VM Hosts, ESX

assigned to the

provider
administrator

level and the user
is assigned to the

resource pools,

pool containing

pool containing

and cloud
resources )

2

the resource by the
organization
administrator

the resource by
the service
provider
administrator

Allocate a
separate storage

Automatically
generated by

Storage pool
entries

tag to each

Matrix OE, or

organization.

created by service

Match logical disk

provider

tags with storage

administrator using

pool entry tags, or

Matrix OE logical

choose the

server

appropriate SPM

management,

storage template

optionally using

using tags in the
IO template

Storage
Provisioning
Manager

1

IO does not include or preclude active firewalling between VLANs.

2

Storage management for physical server blades can be performed only by the service provider administrator.

Information security

The following table shows the information that is visible to the service provider administrator, service
provider user, organization administrator, and organization user.

Service provider administrators and users see messages only related to that organization. To
prevent information from passing from one organization to another through storage, infrastructure
orchestration scrubs both the boot and data disks when a service is deleted.

182

Multi-tenancy in Matrix infrastructure orchestration