N1 Provisioning Server 3.1, Blades Edition, Installation Guide

N1 Provisioning Server Security

By default, an I-Fabric is configured to apply a high level of security at all levels. You can configure I-Fabric security according to your company's needs by using any suitable combination of security levels as described in the following sections.

An I-Fabric provides several levels of security throughout the infrastructure to ensure that each logical server farm is secure from intrusion or attack from within or outside the I-Fabric. Security solutions have been implemented at the following levels within the I-Fabric:

Password Encryption

Password encryption is provided at all levels within the I-Fabric for security purposes. You can configure the system to use clear-text passwords. However, clear-text passwords are problematic.

Control Plane Security

The server responsible for running the N1 Provisioning Server software resides within the control plane. The security of this server depends significantly on the deployment architecture of the servers and network responsible for running the N1 Provisioning Server application. The I-Fabric design provides a secure methodology for deploying the N1 Provisioning Server software.

Depending on the management requirements of an I-Fabric, you can deploy the Control Center without connectivity to external networks or to the Internet. Control Center security is implemented at several levels. For further information, see Provisioning Server Security. The Control Center communicates with the Control Center through a privileged VLAN that is not available from outside of the I-Fabric.

Control Center security prevents tampering from within the I-Fabric. Security for Control Center software is implemented by using dedicated VLANs. For further information, see Ethernet Security.

Provisioning Server Security

The following list describes the three types of connections to the Control Center, each of which has security measures in place:

Accessing the Control Center

Secure access to the Control Center is based on login accounts. These login accounts provide security from accounts outside a company as well as inside a company. An account may have one of the following available login roles assigned to it, depending on the user's job functions:

For more details about accounts, see the Control Center Management Guide.

Login Name and Password Management

The Control Center processes login name and password changes. You are responsible for issuing the initial name and password to the users of an account. The Control Center network system automatically verifies passwords.

Login Lockout

By default, users are locked out of the Control Center if their login attempts fail a configurable number of times within a configurable number of minutes. The lock is automatically released after another configurable number of minutes. However, you can use the Control Center Login Status screen to unlock users before the automatic unlock process takes place. This screen also enables you to force-lock existing users if a security issue involving a user becomes apparent. You can also unlock or force-lock another administrator by using the same method. See the Control Center Management Guide.
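The lockout behavior described above, as an added Python example (not code from N1 Provisioning Server or the Control Center). The class and method names, the default thresholds, and the choices that a force-lock has no expiry and that a successful login clears the failure count are assumptions.

```python
from collections import deque

class LoginLockout:
    """Failed-login lockout with a sliding window and timed auto-release."""

    def __init__(self, max_failures=3, window_min=5, lock_min=15):
        # All three thresholds are configurable; these defaults are assumed.
        self.max_failures = max_failures
        self.window = window_min * 60
        self.lock_for = lock_min * 60
        self.failures = {}      # user -> deque of failure timestamps (seconds)
        self.locked_until = {}  # user -> expiry time, or None for a force-lock

    def is_locked(self, user, now):
        if user not in self.locked_until:
            return False
        expiry = self.locked_until[user]
        if expiry is not None and now >= expiry:
            self.unlock(user)   # automatic release after the lock period
            return False
        return True

    def record_failure(self, user, now):
        """Register a failed attempt; return True if the user is now locked."""
        if self.is_locked(user, now):
            return True
        recent = self.failures.setdefault(user, deque())
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()    # failures outside the window no longer count
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lock_for
            return True
        return False

    def record_success(self, user, now):
        """Refuse a correct password while locked; otherwise clear the count (assumed)."""
        if self.is_locked(user, now):
            return False
        self.failures.pop(user, None)
        return True

    def unlock(self, user):
        """Administrator unlock before the automatic release."""
        self.locked_until.pop(user, None)
        self.failures.pop(user, None)

    def force_lock(self, user):
        """Administrator force-lock: no expiry (assumed), only unlock() releases it."""
        self.locked_until[user] = None
```

Timestamps are passed in as seconds so the window and release logic can be exercised without waiting on a real clock.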

Reaccessing the Control Center After a Failure

When a software or hardware failure occurs during a session on the Control Center, users must log in again when reaccessing the Control Center.

Encryption and Filtering

Transactions performed using the Control Center are encrypted using Hypertext Transfer Protocol Secure (HTTPS). External access to the Control Center is filtered at all points using IP filtering to ensure secure web access.

Resource Pool Security

The ability to repurpose servers over time as they come in and out of the resource pool presents security challenges. Server integrity is protected by power cycling and scrubbing the storage and memory of all servers before they are added to a resource pool.

Ethernet Security

Within the Ethernet portion of the switched fabric, logical server farms are implemented using port-based virtual local area networks (VLANs). From a security perspective, port-based addressing provides a superior implementation when compared to VLAN implementations that are defined by Media Access Control (MAC) or IP addresses. This enhanced security is due to devices being connected physically through the switch rather than through logical addresses. The implementation of a network virtualization layer eliminates the possibility of VLAN hopping or IP spoofing, or the possibility of controlling VLAN membership from outside the Control Center.

To prevent IP spoofing attempts, an incoming IP packet on a VLAN must have the same VLAN tag and MAC address as the logical interface on which it is arriving. The Control Center sets VLAN tags for the appropriate ports and networks.
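An added example, not part of the product, of the ingress rule above: it parses an 802.1Q-tagged Ethernet frame and accepts an IP packet only when the VLAN ID and MAC address match the receiving logical interface. The function names and sample values are constructed, and comparing the frame's destination MAC is an assumption about which address the rule means.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed sample values (locally administered MAC addresses).
IFACE_MAC = bytes.fromhex("02000000000a")
PEER_MAC = bytes.fromhex("02000000000b")
IFACE_VLAN = 101

def parse_tagged_frame(frame: bytes):
    """Return (dst_mac, src_mac, vlan_id, ethertype), or None if untagged or short."""
    if len(frame) < 18:
        return None
    dst, src = frame[0:6], frame[6:12]
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    return dst, src, tci & 0x0FFF, ethertype  # VLAN ID is the low 12 bits of the TCI

def ingress_verdict(frame: bytes, iface_mac: bytes, iface_vlan: int) -> str:
    """VLAN tag and MAC address must both match the logical interface."""
    parsed = parse_tagged_frame(frame)
    if parsed is None:
        return "drop: no 802.1Q tag"
    dst, _src, vlan_id, ethertype = parsed
    if ethertype != ETHERTYPE_IPV4:
        return "skip: not IP"         # the rule is stated for IP packets only
    if vlan_id != iface_vlan:
        return "drop: VLAN mismatch"
    if dst != iface_mac:              # assumption: destination MAC is the one compared
        return "drop: MAC mismatch"
    return "accept"

def build_frame(dst, src, vlan_id, pcp=0, ethertype=ETHERTYPE_IPV4):
    """Build a constructed tagged frame carrying a minimal zeroed IPv4 header."""
    tci = (pcp << 13) | vlan_id       # priority bits sit above the 12-bit VLAN ID
    header = struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return dst + src + header + b"\x45" + b"\x00" * 19
```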

To ensure that the Control Center is protected from unauthorized access from within the I-Fabric, the control plane server on which the Control Center software runs resides within its own dedicated port-based VLAN. This architecture physically eliminates the possibility of unauthorized access to the Control Center from within the I-Fabric. Logical server farm users cannot manipulate their own or any other logical server farm's VLAN configuration.

Server blades within an I-Fabric are dedicated to only one unique logical server farm at any time. While servers may be added or subtracted from a particular logical server farm over its life cycle, no single physical server blade will ever be used by more than one logical server farm simultaneously. Thus, servers are protected from intrusion by the VLAN and the Control Center security measures previously described.

Farms are implemented in an I-Fabric using VLANs, which are based on physical switch ports and configured through the Control Center. The switch configuration is protected by the VLAN, not an administrative password. VLAN configurations are password protected on the applicable switch.

Access to services on the Control Center from the farms is restricted by IP filtering. IP routing through a control plane server is not possible. Access to the Farm Manager and the Segment Manager from a farm is not possible.


Note – Only the Control Center is authorized to make modifications to virtual wiring and virtual farm security perimeters.


Physical Network Security

Implement security policies that protect the physical network from internal unauthorized access based on your site's setup and facilities.

Network Virtualization and Security

By using port-based VLAN technology, network virtualization provides a network security perimeter for all the computing and network devices associated with a given farm. When a device is logically assigned to a farm, the device is transitioned to the appropriate logical network associated with that logical element of the farm.

Network virtualization uses physical port-based VLAN technology built into current generation Layer-2 switches. The VLAN enables you to create a secure virtual network between a set of network nodes that appears as a transparent Layer-2 interconnect to these sets of network nodes. These virtual Layer-2 interconnects are then used as virtual wires to connect the devices on the switched fabric into the desired Layer-2 network topology.

Ethernet switching equipment must be capable of supporting VLAN tagging for use in network virtualization to protect against VLAN hopping or other kinds of VLAN penetration attempts. In addition, standard password encryption protects the management of these switches from unauthorized modifications from any server or device in the resource pool. Any switching equipment must comply with the IEEE 802.1Q standard.

The management of these switches is protected from unauthorized modifications from any server or device in an I-Fabric. Only the Control Center administrator is authorized to make modifications to the virtual wiring and virtual logical server farm security perimeters.

Logical Server Farm Security

Logical server farms on an I-Fabric are implemented using port-based VLANs. These VLANs are configured through the Control Center. The Control Center restricts access from the farms. Farm users cannot change their own or any other farm's VLAN configuration.

Server blades within an I-Fabric are dedicated to one unique farm at a time. While you can add or subtract server blades from a particular farm over its lifecycle, no single physical server blade is ever used by more than one farm simultaneously.

When you deactivate a server blade, the N1 Provisioning Server software cycles its power sufficiently to clear volatile memory. You should also reset server blades to their factory values before returning them to the idle pool so that any account-specific, nonvolatile memory components are erased. Follow best practices to configure and check your server blades for security. If you want to perform a recommended audit, an I-Fabric supports industry-standard third-party auditing tools.

Server Accounts and Passwords

Set up administrator server accounts and passwords by following conventions and best practices. See also security web sites such as http://www.cert.org, http://www.sun.com, and http://www.cisco.com for recommendations on keeping network servers protected from unauthorized access.

External Ethernet Port Connection Security

Ethernet port connections are optional with an I-Fabric. The connections can be either virtual private network (VPN) or leased-line connections. You can configure your I-Fabric for Ethernet port connections based on your site's needs and by using industry-standard security mechanisms.