HP CloudSystem Foundation Guide de l'utilisateur Page 23
- Page / 211
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
The following table comprises a partial list of security best practices that HP recommends in both
physical and virtual environments. Differing security policies and implementation practices make
it difficult to provide a complete and definitive list.
Best PracticeTopic
• Limit the number of local accounts. Integrate the appliance with an enterprise directory solution
such as Microsoft Active Directory or OpenLDAP.
Accounts
• Use certificates signed by a trusted certificate authority (CA), if possible.
CloudSystem uses certificates to authenticate and establish trust relationships. One of the most
common uses of certificates is when a connection from a web browser to a web server is
established. The machine level authentication is carried out as part of the HTTPS protocol, using
SSL. Certificates can also be used to authenticate devices when setting up a communication
channel.
The appliance supports self-signed certificates and certificates issued by a CA.
The appliance is initially configured with self-signed certificates for the web server, database,
and message broker software. The browser will display a warning when browsing to the
appliance using self-signed certificates.
HP advises customers to examine their security needs (that is, to perform a risk assessment) and
consider the use of certificates signed by a trusted CA. For the highest level of security, HP
recommends that you use certificates signed by a trusted certificate authority:
◦ Ideally, you should use your company's existing CA and import their trusted certificates. The
trusted root CA certificate should be deployed to user’s browsers that will contact systems
and devices that will need to perform certificate validation
◦ If your company does not have its own certificate authority, then consider using an external
CA. There are numerous third-party companies that provide trusted certificates. You will need
to work with the external CA to have certificates generated for specific devices and systems
and then import these trusted certificates into the components that use them.
As the Infrastructure administrator, you can generate a CSR (certificate signing request) and,
upon receipt, upload the certificate to the appliance web server. This ensures the integrity and
authenticity of your HTTPS connection to the appliance. Certificates can also be uploaded for
the database and message broker.
Certificates
• Do not connect management systems (for example, the appliance, the iLO card, and Onboard
Administrator) directly to the Internet.
If you require access to the Internet, use a corporate VPN (virtual private network) that provides
firewall protection.
Network
• The appliance is preconfigured so that nonessential services are removed or disabled in its
management environment. Ensure that you continue to minimize services when you configure
host systems, management systems, network devices (including network ports not in use) to
significantly reduce the number of ways your environment could be attacked.
Nonessential
services
Passwords
• For local accounts on the appliance, change the passwords periodically according to your
password policies.
• Password contains between 8 and 40 characters
• The following special characters are not allowed:
< > ; , " ' & / \ | + =
• Clearly define and use administrative roles and responsibilities; for example, the Infrastructure
administrator performs most administrative tasks.
Roles
• Consider using the practices and procedures, such as those defined by the Information Technology
Infrastructure Library (ITIL). For more information, see the following website:
http://www.itil-officialsite.com/home/home.aspx
Service
Management
Best practices for maintaining a secure appliance 23
- Abstract 1
- Contents 3
- 4 Contents 4
- Contents 5 5
- 6 Contents 6
- Contents 7 7
- 8 Contents 8
- Contents 9 9
- 10 Contents 10
- Consumers 12
- Administrator 12
- Resources 12
- OpenStack 12
- Features 13
- 2 Concepts and architecture 15
- Associated appliances 16
- Physical servers 17
- User authentication 17
- OpenStack technology 18
- Network tasks and user roles 20
- 3 Security in CloudSystem 22
- Restricting console access 24
- Protecting credentials 25
- 26 Security in CloudSystem 26
- 4 Installation 27
- About Activity 29
- About alerts 30
- About tasks 31
- About the Activity sidebar 31
- Activity states 31
- Icon descriptions 32
- User control icons 33
- Browser requirements 34
- Search resources 35
- 6 Support and other resources 37
- Download audit logs 38
- Create a support dump file 39
- How to contact HP 41
- HP authorized resellers 41
- Documentation feedback 41
- Related information 41
- HP CloudSystem documents 42
- HP Software documents 42
- Related information 43 43
- HP ProLiant servers documents 44
- About managing the appliance 46
- Shut down the appliance 47
- Restart the appliance 47
- Reboot Foundation appliances 48
- Update Foundation appliances 48
- –insecure 51
- 8 Manage users and groups 52
- ◦ Initial password 53
- ◦ User's full name 53
- Authenticating users 54
- Adding a directory server 54
- Add a directory service 55
- 56 Manage users and groups 56
- Add a directory server 58
- Add a directory group 59
- 60 Manage users and groups 60
- Allow local logins 61
- Disable local logins 61
- Challenge = xyaay42a3a 62
- Password: 62
- VET ROME DUE HESS FAR GAS 62
- 9 Manage licenses 63
- License keys 64
- License key format 65
- View license details 66
- 10 Manage security 67
- Verifying a certificate 68
- Configuring cloud resources 70
- 12 Network configuration 73
- About Provider Networks 74
- Delete Provider Network 75
- About Private Networks 76
- About the External Network 77
- 78 Network configuration 78
- About the External Network 79 79
- 80 Network configuration 80
- Managing integrated tools 81
- VMware vCenter Server 82
- VMware vCenter Server 83 83
- 14 Image management 84
- Creating and obtaining images 85
- Add Image 86
- Edit Image 87
- Delete Image 88
- 15 Storage configuration 89
- Edit Block Storage Drivers 90
- Delete Block Storage Drivers 91
- About volume types 91
- Add Volume Types 92
- About Volumes 93
- Understanding Volumes data 94
- Delete Volumes 95
- 16 Compute node creation 96
- Configuring networks 97
- 98 Compute node creation 98
- Creating KVM compute nodes 99
- 102 Compute node creation 102
- 17 Compute node management 103
- 104 Compute node management 104
- Import a cluster 105
- Activate a compute node 105
- Deactivate a compute node 106
- Delete a compute node 107
- Start instance 108
- About Flavors 109
- Flavors in the cloud 110
- Manage flavors 110
- Add Flavor 110
- Delete Flavor 111
- About the Console Dashboard 112
- Dashboard status indicators 113
- Data refresh 114
- Create a security group 118
- Create a key pair 119
- Create a Private network 119
- CloudSystem Portal 122
- Enterprise in the cloud 124
- Multitenancy in Enterprise 125
- 23 Install Enterprise 126
- Enterprise appliance settings 132
- • Current date and time 133
- Set up a template 135
- Create a server group 135
- Create an offering 136
- Deploy an offering 137
- You cannot log in 141
- First-time setup 141
- External difficulties 142
- Enterprise management hosts 142
- Audit log 144
- Licensing 144
- Cannot add directory service 149
- Cannot add directory group 150
- CloudSystem Console 153
- Troubleshooting networks 155
- Neutron CLI 157
- OpenStack Nova command errors 158
- Floating IPs are not working 158
- Troubleshooting images 162
- Troubleshooting storage 166
- Unable to edit a volume type 170
- Troubleshooting compute nodes 173
- Implementation error 182
- 29 Troubleshoot CLI errors 183
- 30 Troubleshoot Enterprise 185
- Part VII Appendices 188
- Using OpenLDAP 189
- Using Active Directory 190
- -----BEGIN CERTIFICATE 191
- MIIEDTCCAvWgAwIBAgIJANgTCE 191
- IFl1P+c9Gro82S7z 191
- -----END CERTIFICATE 191
- Getting help for csadmin 192
- Command syntax and examples 193
- DefinitionArgument 198
Produits connexes et manuels pour Logiciel HP CloudSystem Foundation
Logiciel HP TC3100 Manuel d'utilisateur
(121 pages)
(121 pages)
Logiciel HP PROCURVE 6120 Manuel d'utilisateur
(589 pages)
(589 pages)
Logiciel HP B.06.X Manuel d'utilisateur
(78 pages)
(78 pages)
Logiciel HP 3PAR Guide de l'utilisateur
(676 pages)
(676 pages)
Logiciel HP E3000 Manuel d'utilisateur
(111 pages)
(111 pages)
Logiciel HP 4000S Guide de l'utilisateur
(246 pages)
(246 pages)
Logiciel HP C50 Manuel d'utilisateur
(484 pages)
(484 pages)
Logiciel HP B6960-96008 Manuel d'utilisateur
(396 pages)
(396 pages)
Logiciel HP rp7410 Guide de l'utilisateur
(266 pages)
(266 pages)
Logiciel HP 11i Manuel d'utilisateur
(113 pages)
(113 pages)
Logiciel HP 41B Manuel d'utilisateur
(44 pages)
(44 pages)
Logiciel HP P6350 Manuel d'utilisateur
(316 pages)
(316 pages)
Logiciel HP CD52ce Manuel d'utilisateur
(109 pages)
(109 pages)
© 2020, manymanuals.fr. Tous droits réservés | 0.027 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels