6 security features, 7 availability features, 6 security features 1.7 availability features – HP OneView User Manual
Page 24
1.6 Security features
CATA (Comprehensive Applications Threat Analysis) is a powerful HP security quality assessment
tool designed to substantially reduce the number of latent security defects. The design of the HP
OneView appliance employed CATA fundamentals and underwent CATA review. To ensure a
secure platform for data center management, the appliance includes feature such as the following:
•
Separation of the data and management environments, which is critical to avoid takeover in
DoS (Denial of Service) attacks. For example, the appliance is designed to operate entirely
on an isolated management LAN; access to the production LAN is not required. The managed
devices remain online in the event of an appliance outage.
•
RBAC (role-based access control), which enables an administrator to quickly establish
authentication and authorization for users based on their responsibilities for specific resources.
RBAC also simplifies what is shown in the UI:
◦
Users can view only the resources for which they are authorized. For example, the
appliance does not display screens that do not apply to users with the role of Network
administrator, such as the Server Profiles and Server Hardware screens.
◦
Users can initiate actions only for the resources for which they are authorized. For example
users with the role of Network administrator can initiate actions for the network resources
only, and users with the role of Server administrator can initiate actions for the server
resources only.
◦
Users with the role of Infrastructure administrator have full access to all screens and
actions.
•
Single sign-on to iLO and Onboard Administrator without storing user-created iLO or Onboard
Administrator credentials.
•
Audit logging for all user actions.
•
Support for authentication and authorization using an optional directory service such as
Microsoft Active Directory.
•
Use of certificates for authentication over SSL (Secure Sockets Layer).
•
A firewall that allows traffic on specific ports and blocks all unused ports.
•
A UI that restricts access from host operating system users.
•
Data downloads that are restricted to support dump files (encrypted by default), encrypted
backup files, audit logs, and certificates.
For detailed security information, see
“Understanding the security features of the appliance”
.
1.7 Availability features
HP OneView separates the management appliance from the managed resources. In the unlikely
event that the appliance experiences an outage, the managed resources continue to run.
HP OneView is delivered as a virtual appliance running in a VMware vSphere virtual machine.
The VMware vSphere Hypervisor provides the virtual machine with high-availability and recovery
capabilities that allow the virtual machine to be restarted on another host in the cluster and to
resume management without disruption to the managed resources.
Configuring the appliance for availability is described in
“Managing appliance availability”
.
24
Learning about HP OneView