BladeSystem network architecture overview, Recommended security best practices – HP Onboard Administrator User Manual


BladeSystem network architecture overview

All device bays, interconnect modules, and Onboard Administrator modules are connected to an internal enclosure network that is managed by the active Onboard Administrator. Network traffic from business applications running on server blades is routed through interconnect switch modules and onto the production network.

Although it is possible for the management and production networks to be connected, the management network should be isolated from production traffic and the intranet. From a security perspective, this reduces access to the management interfaces and the ability to attack them. From an efficiency standpoint, separate networks keep production traffic off the management network.

Recommended security best practices

In addition to the best practices, note these additional considerations.

Physical presence considerations

Physical access to a system often implies administrator privilege. The Onboard Administrator is no exception. For more information on how to configure the Onboard Administrator administrator, see "Configuring the HP BladeSystem c7000 enclosure and enclosure devices (on page 96)."

Verifying physical cabling

The BladeSystem enclosure can have many cables attached to the enclosure. Cables connected to the interconnect switch modules are generally for production network traffic. All other cables and ports are generally for enclosure management network traffic and should be carefully inspected.

o Ensure that enclosure link ports are connected only to enclosure link ports on other enclosures.
o Inspect Onboard Administrator serial ports for unauthorized connections.
o Inspect Onboard Administrator USB ports for unauthorized connections.
