4.1 Securing the Hardware
After installation of Oracle Exadata Database Machine, the hardware should be secured.
Hardware can be secured by restricting access to the hardware and recording the serial numbers. Oracle recommends the following practices to restrict access:
-
Install Oracle Exadata Database Machine and related equipment in a locked, restricted-access room.
-
Lock the rack door unless service is required on components within the rack.
-
Restrict access to hot-pluggable or hot-swappable devices because the components can be easily removed by design. See
-
Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
-
Limit SSH listener ports to the management and private networks.
-
Use SSH protocol 2 (SSH-2) and FIPS 140-2 approved ciphers.
-
Limit SSH allowed authentication mechanisms. Inherently insecure methods are disabled.
-
Mark all significant items of computer hardware, such as FRUs.
-
Keep hardware activation keys and licenses in a secure location that is easily accessible to the system managers in the case of a system emergency.
-
Record the serial numbers of the components in Oracle Exadata Database Machine, and keep a record in a secure place. All components in Oracle Exadata Database Machine have a serial number.
- Getting the Rack Serial Number
Use the ipmitool utility to get the serial number for the rack. - Getting the Serial Numbers for Rack Components
The CheckHWnFWProfile command can be used to display the serial number of most of the system components. - Getting the Rack Serial Number for a Cisco 9336C or 9348 Switch
Use theshow license host-id
command on the switch to get the serial number. - Getting the Rack Serial Number for a Sun Datacenter InfiniBand Switch 36
Use theshowfruinfo
command on the switch to get the serial number. - Getting the Serial Number for a Cisco 4948 Ethernet Switch
Use thesh inventory
command on the switch to get the serial number.
Related Topics
- How To Obtain The Serial Number Associated With The System Board, Motherboard, Disk Controller, Disks, Infiniband HCA And More Contained In A Cell Or Compute Box (Exadata-Sun V2 or X2 / 11.2)? (My Oracle Support Doc ID 949614.1)
- How to Determine the Serial Number of a Datacenter InfiniBand Switch 36 or QDR InfiniBand Gateway InfiniBand Switch (My Oracle Support Doc ID 1299791.1)
Parent topic: Keeping the Oracle Exadata Secure
4.1.1 Getting the Rack Serial Number
Use the ipmitool utility to get the serial number for the rack.
When interacting with Oracle Support Services, the CSI number for a rack is based on the rack serial number.
Parent topic: Securing the Hardware
4.1.2 Getting the Serial Numbers for Rack Components
The CheckHWnFWProfile command can be used to display the serial number of most of the system components.
Parent topic: Securing the Hardware
4.1.3 Getting the Rack Serial Number for a Cisco 9336C or 9348 Switch
Use the show license host-id
command on the switch to get the serial number.
Parent topic: Securing the Hardware
4.1.4 Getting the Rack Serial Number for a Sun Datacenter InfiniBand Switch 36
Use the showfruinfo
command on the switch to get the serial number.
Parent topic: Securing the Hardware
4.1.5 Getting the Serial Number for a Cisco 4948 Ethernet Switch
Use the sh inventory
command on the switch to get the serial number.
Parent topic: Securing the Hardware