Planning a Secure Environment

Review the information in this section before and during the installation and configuration of a server and the Oracle Storage 12 Gb/s SAS PCIe RAID HBA, Internal.

This section contains the following topics:

• Hardware Security

• Software Security

• Firmware Security

• Oracle ILOM Firmware

• System Logs

Hardware Security

Physical hardware can be secured fairly simply: limit access to the hardware and record serial numbers.

• Restrict access

  • If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.

  • Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.

• Record serial numbers

  Keep a record of the serial numbers of all HBA cards.

Software Security

The security considerations for software components are:

• Refer to the documentation that came with your software to enable any security features available for the software.

• Use the superuser account to set up and update the HBA drivers.

• Most hardware security is implemented through software measures.

• The software components that support the HBA rely on system security features to provide secure access.

Firmware Security

The HBA ships with all of the firmware installed. Firmware installation is not required in the field, except for updates.

• If firmware updates are ever needed, obtain the firmware updates from the Oracle support area of the LSI website: http://www.lsi.com/sep/Pages/oracle/index.aspx

  You can also contact Oracle support to arrange for support or check Oracle support for the latest updates and procedures for the product:

  https://support.oracle.com

• Use the superuser account to set up and update the HBA firmware management utility. Ordinary user accounts allow users to view but not edit firmware. The Oracle Solaris OS firmware update process prevents unauthorized firmware modifications.

• Refer to the HBA installation guide, located on the Oracle web site, for late-breaking news, information about firmware update requirements, or other security information.

• For information about setting SPARC OpenBootPROM (OBP) security variables, refer to the OpenBoot 4.x Command Reference Manual.

Oracle ILOM Firmware

You can actively secure, manage, and monitor system components through Oracle Integrated Lights Out Manager (Oracle ILOM) firmware which is preinstalled on some x86 servers. To understand more about using this firmware when setting up passwords, managing users, and applying security-related features, including Secure Shell (SSH), Secure Socket Layer (SSL), and RADIUS authentication, refer to Oracle ILOM documentation:

http://www.oracle.com/pls/topic/lookup?ctx=ilom31

System Logs

• Enable logging and send logs to a dedicated secure log host.

• Configure logging to include accurate time information, using NTP and timestamps.