JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Netra Blade X3-2B (formerly Sun Netra X6270 M3 Server Module)

Security Guide

search filter icon
search icon

Document Information

Overview

Product Overview

Basic Security Principles

Planning a Secure Environment

Hardware Physical Security

Software Security

Oracle ILOM Firmware

Operating System Security Guidelines

Oracle System Assistant Security Information

Maintaining a Secure Environment

Oracle ILOM Security

Hardware Power Control

Asset Tracking

Maintaining Updates for Software and Firmware

Local and Remote Access

Data Security

Oracle System Assistant Security Information

The following post-installation topics are covered:

Understanding that OSA Contains a Bootable Root Environment

Oracle System Assistant is an application running on a pre-installed, internal USB flash drive. It is built on top of a bootable linux root environment. OSA also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have Remote KVMS access to the system through ILOM, will be able to access OSA and the root shell.

A root environment can be used to change ILOM configuration, system policies, as well as access data on other disks. It is recommended that physical access to the server be protected and the administrator and console privileges for ILOM users be assigned sparingly. Encrypting the operating system filesystem will also prevent root shell users of OSA from being able to read disk contents.

Understanding that OSA Mounts a USB Storage Device Accessible to the OS

In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device accessible to the host operating system after installation. This is useful in accessing tools and drivers for maintenance and reconfiguration. The OSA flash device is both readable and writable and could be a potential filesystem exploited by viruses.

It is recommended that the same methods for protecting disks be applied to the OSA storage device including regular virus scans and integrity checks.

Disabling OSA

Oracle System Assistant can be a useful tool in helping setup a server, update and configure firmware, and install the host operating system.However, if the security implications mentioned above are undesirable or if the tool is simply not needed, OSA itself can also be disabled. Disabling OSA means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot to Oracle System Assistant.

It is possible to disable Oracle System Assistant from either OSA itself or from BIOS. Once disabled, it can only be re-enabled from BIOS Setup. It is recommended that BIOS Setup be password-protected such that only authorized users can re-enable OSA.

See the Oracle System Assistant documentation for instructions on how to disable OSA or refer to the Netra Blade X3-2B Administration Guide.