Go to main content
Sun Storage 16 Gb Fibre Channel ExpressModule Universal Host Bus Adapter, Emulex Security Guide

Exit Print View

Updated: July 2015
 
 

Planning a Secure Environment

Review the information in this section before and during the installation and configuration of a server and Sun Storage 16 Gb Fibre Channel ExpressModule Universal HBA, Emulex.

This section contains the following topics:

Hardware Security

Physical hardware can be secured fairly simply: limit access to the hardware and record serial numbers.

  • Restrict access

    • If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.

    • Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.

  • Record serial numbers

    Keep a record of the serial numbers of all universal HBA cards.

Software Security

The security considerations for software components are:

  • Refer to the documentation that came with your software to enable any security features available for the software.

  • Use the superuser account to set up and update the universal HBA drivers.

  • Most hardware security is implemented through software measures.

  • The software components that support the universal HBA rely on system security features to provide secure access.

Firmware Security

The universal HBA ships with all of the firmware installed. Firmware installation is not required in the field, except for updates.

  • If firmware updates are ever needed, obtain the firmware updates from the Oracle support area of the Emulex website: http://www.emulex.com/downloads/oem-qualified/oracle/

    You can also contact Oracle support to arrange for support or check Oracle support for the latest updates and procedures for the product.

    https://support.oracle.com

  • Use the superuser account to set up and update the universal HBA firmware management utility. Ordinary user accounts allow users to view but not edit firmware. The Oracle Solaris OS firmware update process prevents unauthorized firmware modifications.

  • Refer to the universal HBA installation guide, located on the Oracle web site, for late-breaking news, information about firmware update requirements, or other security information.

  • For information about setting SPARC OpenBootPROM (OBP) security variables, refer to the OpenBoot 4.x Command Reference Manual.

Oracle ILOM Firmware

You can actively secure, manage, and monitor system components, such as the universal HBA, through Oracle Integrated Lights Out Manager (Oracle ILOM) firmware, which is preinstalled on some x86 servers. To understand more about using this firmware when setting up passwords, managing users, and applying security-related features, including Secure Shell (SSH), Secure Socket Layer (SSL), and RADIUS authentication, refer to Oracle ILOM documentation:

http://www.oracle.com/pls/topic/lookup?ctx=ilom31

System Logs

  • Enable logging and send logs to a dedicated secure log host.

  • Configure logging to include accurate time information, using NTP and timestamps.

Copyright © 2014, 2015, , Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next