BladeSystem network architecture overview, Recommended security best practices – HP Onboard Administrator User Manual

BladeSystem network architecture overview
All device bays, interconnect modules, and Onboard Administrator modules are connected to an internal
enclosure network that is managed by the active Onboard Administrator. Network traffic from business
applications running on server blades is routed through interconnect switch modules and onto the production
network.
Although it is possible for the management and production networks to be connected, the management
network should be isolated from production traffic and the intranet. From a security perspective, isolation
reduces access to the management interfaces and the ability to attack them. From an efficiency standpoint,
separate networks keep production traffic off the management network.
Recommended security best practices
In addition to the best practices, note these additional considerations.
Physical presence considerations
Physical access to a system often implies administrator privilege. The Onboard Administrator is no exception.
For more information on how to configure the Onboard Administrator administrator, see "Configuring the HP
BladeSystem c7000 enclosure and enclosure devices (on page )."
• Verifying physical cabling
The BladeSystem enclosure can have many cables attached to the enclosure. Cables connected to the
interconnect switch modules are generally for production network traffic. All other cables and ports are
generally for enclosure management network traffic and should be carefully inspected.
  o Ensure that enclosure link ports are connected only to enclosure link ports on other enclosures.
  o Inspect Onboard Administrator serial ports for unauthorized connections.
  o Inspect Onboard Administrator USB ports for unauthorized connections.