6 security features, Recovery from catastrophic failures – HP OneView User Manual
Page 26
Recovery from catastrophic failures
You can recover from a catastrophic failure by restoring your appliance from the backup file.
When you restore an appliance from a backup file, all management data and most configuration
settings on the appliance are replaced with the data and settings in the backup file, including
things like user names and passwords, audit logs, and available networks.
The state of the managed environment is likely to be different from the state of that environment at
the time the backup file was created. During a restore operation, the appliance reconciles the data
in the backup file with the current state of the managed environment. After the restore operation,
the appliance uses alerts to report any discrepancies that it cannot resolve automatically.
For more information about backing up and restoring an appliance, see
.
1.6 Security features
CATA (Comprehensive Applications Threat Analysis) is a powerful HP security quality assessment
tool designed to substantially reduce the number of latent security defects. The design of the HP
OneView appliance employed CATA fundamentals and underwent CATA review. To ensure a
secure platform for data center management, the appliance includes feature such as the following:
•
Separation of the data and management environments, which is critical to avoid takeover in
DoS (Denial of Service) attacks. For example, the appliance is designed to operate entirely
on an isolated management LAN; access to the production LAN is not required. The managed
devices remain online in the event of an appliance outage.
•
RBAC (role-based access control), which enables an administrator to quickly establish
authentication and authorization for users based on their responsibilities for specific resources.
RBAC also simplifies what is shown in the UI:
◦
Users can only view the resources for which they are authorized. For example, the
appliance does not display screens that do not apply to users with the role of Network
administrator, such as the Server Profiles and Server Hardware screens.
◦
Users can initiate actions only for the resources for which they are authorized. For example
users with the role of Network administrator can initiate actions for the network resources
only, and users with the role of Server administrator can initiate actions for the server
resources only.
◦
Users with the role of Infrastructure administrator have full access to all screens and
actions.
•
Single sign-on to iLO and Onboard Administrator without storing user-created iLO or Onboard
Administrator credentials.
•
Audit logging for all user actions.
•
Support for authentication and authorization using an optional directory service such as
Microsoft Active Directory.
•
Use of certificates for authentication over SSL (Secure Sockets Layer).
•
A firewall that allows traffic on specific ports and blocks all unused ports.
•
A UI that restricts access from host operating system users.
•
Data downloads that are restricted to support dump files (encrypted by default), encrypted
backup files, audit logs, and certificates.
For detailed security information, see
“Understanding the security features of the appliance”
.
26
Learning about HP OneView