The modular system hardware and software are hardened. Oracle also provides recommended secure configurations for services such as NTP and SSH. In addition, the modular system's architecture provides security capabilities to the core components. These security capabilities are most often applied by organizations that are deploying a layered security strategy. The capabilities are grouped into the following categories:
If you want to consolidate IT infrastructure, implement shared service architectures, and deliver secure multitenant services, consider isolating the network traffic. The modular system provides the flexibility to implement isolation policies and strategies based on your needs.
At the physical network level, client access is isolated from device management and inter-device communication. Client and management network traffic are isolated on separate networks. Client access is provided over a redundant 10 Gbps Ethernet network that ensures reliable, high-speed access to services running on the system. Management access is provided over a physically separate 1 Gbps Ethernet network. This provides a separation between operational and management networks.
Organizations can choose to further segregate network traffic over the client access Ethernet network by configuring virtual LANs (VLANs). VLANs segregate network traffic based on the organization's requirements. Oracle recommends the use of encrypted protocols over VLANs to assure the confidentiality and integrity of communications.
Collections of security controls and capabilities are necessary to properly secure individual applications and services. It is equally important to have comprehensive management capabilities to sustain the security of the deployed services and systems. The modular system uses the security management capabilities of Oracle ILOM.
Oracle ILOM is a service processor (SP) embedded in the modular system's compute nodes. Oracle ILOM is used to perform out-of-band management activities, such as the following:
Provide secure access for lights-out management of the database and storage servers. Access includes web-based access protected by SSL, command-line access using Secure Shell, and the IPMI v2.0 and SNMPv3 protocols.
Enforce separation-of-duty requirements using a role-based access control model. Individual users are assigned to specific roles that limit the functions that can be performed.
Provide an audit record of all logins and configuration changes. Each audit log entry lists the user performing the action and a timestamp. The audit record enables organizations to detect unauthorized activity or changes, and attribute those actions back to specific users.
For more information about Oracle ILOM security, refer to the Oracle ILOM Security Guide at http://www.oracle.com/goto/ILOM/docs.
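The audit review described above, combined with the role model, can be sketched as follows. This is an added example, not Oracle's code and not ILOM's native log format: it reads a constructed CSV export of audit entries and flags actions by users who have no assigned role or who act outside their role. The field layout, role names, and user names are assumptions for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: timestamp, user, action, detail.
# Assumed layout for illustration; adapt the parser to your real audit export.
SAMPLE_AUDIT = """\
2024-03-01T02:14:09Z,opsadmin,login,ssh
2024-03-01T02:15:40Z,opsadmin,config_change,ntp server updated
2024-03-01T03:02:11Z,auditor1,login,web
2024-03-01T03:05:37Z,auditor1,config_change,user account created
2024-03-01T04:20:00Z,tempuser,login,ssh
"""

# Hypothetical role names, permitted actions, and user-to-role assignments.
ROLE_ACTIONS = {"admin": {"login", "config_change"}, "read_only": {"login"}}
USER_ROLES = {"opsadmin": "admin", "auditor1": "read_only"}


def review_audit(text, user_roles=USER_ROLES, role_actions=ROLE_ACTIONS):
    """Return {user: [(timestamp, action, detail, reason), ...]} for suspect entries."""
    findings = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        if len(row) != 4:
            # Keep malformed entries visible instead of silently dropping them.
            findings["<malformed>"].append(("", "", ",".join(row), "malformed entry"))
            continue
        ts, user, action, detail = (field.strip() for field in row)
        role = user_roles.get(user)
        if role is None:
            reason = "user has no assigned role"
        elif action not in role_actions.get(role, set()):
            reason = "action not permitted for role '%s'" % role
        else:
            continue  # entry is consistent with the role assignment
        findings[user].append((ts, action, detail, reason))
    return dict(findings)


if __name__ == "__main__":
    for user, entries in review_audit(SAMPLE_AUDIT).items():
        for ts, action, detail, reason in entries:
            print(f"{ts} {user}: {action} ({detail}) -> {reason}")
```
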