Security-hardened appliance

HPE OneView is delivered as a security-hardened virtual appliance. The following factors secure (harden) the appliance and its operating system.

  • HPE OneView can be switched to FIPS or CNSA cryptography mode: FIPS mode applies the stricter cryptographic protection of FIPS 140-2, and CNSA mode applies the even stricter CNSA specification.

  • Some examples of best-practice security hardening used within the HPE OneView virtual appliance are:
    • The appliance uses a customized operating system that eliminates all nonessential services to reduce its attack surface.

    • The appliance minimizes its vulnerability by running only the services required to provide functionality.

    • The appliance OS enforces mandatory access controls.

    • The appliance supports two-factor authentication.

    • The operating system bootloader is password protected, so the appliance cannot be compromised by someone attempting to boot it in single-user mode.

    • An IP firewall only allows access to the ports required by HPE OneView services. See Ports required for HPE OneView for the list of network ports.

    • Key services do not run as privileged OS users.

    • There are no users allowed at the operating system level (no interactive OS logins are allowed). Users interact with HPE OneView strictly through:
      • REST APIs (either programmatically or through the GUI)

      • The State Change Message Bus (AMQP interface)

      • The maintenance console through SSH or from the appliance console for appliance management

      • A web server that provides the HTML pages for the GUI and the online help

  • HPE OneView is designed to operate entirely on an isolated management LAN.

  • RBAC (role-based access control) enables an administrator to establish access control and authorization for users based on their responsibilities for specific resources. RBAC also simplifies what is shown in the UI:
    • Users can initiate actions only for the types of resources for which they are authorized. For example, users with the role of Network administrator can initiate actions for the network resources only, and users with the role of Server administrator can initiate actions for the server resources only.

    • Users with the role of Infrastructure administrator have full access to all screens and actions.

  • SBAC (scope-based access control) enables an administrator to establish access control for users by restricting a role to a subset of the resources managed by the appliance. The Infrastructure administrator grants rights to users and directory groups by assigning permissions. A permission consists of a role and an optional scope. A scope is a user-defined set of resources, and a resource can belong to multiple scopes. The role grants access to resource categories; the scope further restricts the rights granted by the role to a subset of instances in those categories.
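The following is an added illustration of the permission semantics described in the RBAC and SBAC items above; it is not HPE OneView code and does not use its REST API. The role names and resource categories come from the page; the resource URIs, scope names and user permissions are constructed sample data. It shows that a permission is a role plus an optional scope, that the role gates the resource category, that a scoped permission additionally gates the resource instance, and that a resource in two scopes is reachable through either.

```python
"""Model of role + optional scope permissions (added example, constructed data)."""
from dataclasses import dataclass
from typing import Iterable, Optional

# Role -> resource categories the role grants rights over. The page gives
# Network administrator (networks) and Server administrator (servers) as
# examples; None marks Infrastructure administrator's full access.
ROLE_CATEGORIES = {
    "Infrastructure administrator": None,
    "Network administrator": {"network"},
    "Server administrator": {"server"},
}


@dataclass(frozen=True)
class Resource:
    uri: str        # constructed sample identifier, not a real appliance URI
    category: str   # resource category the role check is made against


@dataclass(frozen=True)
class Permission:
    role: str
    scope: Optional[str] = None  # None: role applies to every instance in its categories


# Scope name -> resource URIs it contains. srv-1 belongs to both scopes on purpose.
SCOPES = {
    "datacenter-east": {"/rest/ethernet-networks/net-1", "/rest/server-hardware/srv-1"},
    "datacenter-west": {"/rest/ethernet-networks/net-2", "/rest/server-hardware/srv-1"},
}

# Constructed sample resources.
NET_1 = Resource("/rest/ethernet-networks/net-1", "network")
NET_2 = Resource("/rest/ethernet-networks/net-2", "network")
SRV_1 = Resource("/rest/server-hardware/srv-1", "server")


def is_authorized(perms: Iterable[Permission], resource: Resource,
                  scopes: dict = SCOPES) -> bool:
    """Return True if any permission allows an action on the resource.

    A permission passes when (1) its role is known, (2) the role covers the
    resource's category (or is unrestricted), and (3) either the permission
    has no scope or the resource instance is a member of that scope.
    """
    for p in perms:
        if p.role not in ROLE_CATEGORIES:
            continue  # unknown role grants nothing (fail closed)
        categories = ROLE_CATEGORIES[p.role]
        if categories is not None and resource.category not in categories:
            continue  # role does not cover this category
        if p.scope is not None and resource.uri not in scopes.get(p.scope, set()):
            continue  # scoped permission, resource not in that scope
        return True
    return False


def visible_categories(perms: Iterable[Permission]) -> set:
    """Categories a user may act on at all; what a UI would show them."""
    shown = set()
    for p in perms:
        categories = ROLE_CATEGORIES.get(p.role)
        if categories is None and p.role in ROLE_CATEGORIES:
            return {c for cats in ROLE_CATEGORIES.values() if cats for c in cats}
        if categories:
            shown |= categories
    return shown


if __name__ == "__main__":
    east_net_admin = [Permission("Network administrator", "datacenter-east")]
    print(is_authorized(east_net_admin, NET_1))  # in scope, right category
    print(is_authorized(east_net_admin, NET_2))  # right category, wrong scope
    print(is_authorized(east_net_admin, SRV_1))  # in scope, wrong category
```

The checks fail closed: an unknown role, a scope name that does not exist, or a resource outside the scope all yield a denial, which is the behaviour to expect when reviewing how permissions are enforced rather than how they are displayed.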

  • HPE OneView supports integration with Microsoft Active Directory or OpenLDAP for user authentication. Local user accounts can be disabled when enterprise directories are in use.

  • The Administrator account has a default password for initial appliance installation. The appliance enforces a password change at first login and the default password cannot be used again.

  • The appliance supports self-signed certificates and certificates issued by a certificate authority.

    The appliance is initially configured with a self-signed certificate. As the Infrastructure administrator, you can generate a CSR (certificate signing request) to submit to a corporate or third-party CA and, upon receipt, upload the certificate. This certificate ensures the integrity and authenticity of your HTTPS connection to the appliance.

    Similarly, by default, the communication between HPE OneView and managed devices is secured using self-signed certificates. Using REST interfaces for each managed device, you can generate a CSR to submit to a corporate or third-party CA and, upon receipt, upload the signed certificate to the managed device. This certificate ensures the integrity and authenticity of the management communications between the appliance and each managed device.

  • All browser operations and REST API calls use HTTPS/TLS.

  • The appliance supports a secure update procedure for installing patches or upgrading to the next version. The updates are digitally signed by Hewlett Packard Enterprise and the update procedure verifies the digital signature. The signature and its verification ensure the authenticity and integrity of software updates.

  • Support dumps created by users who are not an Infrastructure administrator are encrypted; Infrastructure administrator users have the option to not encrypt a support dump. The default encryption protects any sensitive customer data contained in the support dump (such as IP addresses, IP address pools, hostnames, and WWNs). An unencrypted dump is available for an Administrator to validate the type of data being sent back to Hewlett Packard Enterprise. No credential data is ever included in a support dump.

  • Hewlett Packard Enterprise closely monitors security bulletins for threats to appliance software components and, if necessary, issues software updates.
