Mission Critical Computing Blog
Your source for the latest insights on HP Integrity, mission critical computing, and other relevant server and technology topics from the BCS team.

Crush Maintenance Downtime with HP-UX Dynamic Root Disk

downtime.JPGDynamic Root Disk (DRD) is really important when you want to do maintenance on your mission-critical UNIX systems.  Want to avoid downtime and safely update and repair active disks?  Well read more about this important exclusive inclusion in HP-UX 11i v3 operating environments.

Impenetrable UNIX






With the HP-UX
11i v3 March 2010
Update shipping, I thought I would cover the third area
of significant improvements with this update. HP- 11i v3 already has a large
number of security features, but this update adds more, making HP-UX 11i v3
more secure.


 


Dynamic
Root Disk
(DRD) allows the root disk to be cloned to an inactive disk. If
patches or changes are made, but for some reason don't work, you can always
revert back to the original image on the inactive disk with just a reboot. To
help improve security, you can automatically synchronize the active image as
well as the clone. For instance, if after you create the clone, you update
passwords, the update passwords can be synced to the clone disk by running DRD
sync. This ensures that any security changes are reflected in the cloned disks.


 


HP-UX 11i v3 has
recently received a an additional security certification. It is the industry's
only UNIX to successfully achieve an EALV4 Common Criteria Certification
against the COTS
Compartmentalized Protection Profile-Operating Systems
(CCOPP-OS PDF).
This certification includes nPars, vPars, and Mandatory Access Control, so you
can now deploy highly secure virtualized environments.


 


In addition to
security certification and DRD syncing, HP-UX 11i v3 March 2010 update adds a
few other security features. Long passwords are now supported, with the maximum
password no being 256 characters. All of the Trusted Mode functionality is now
part of the Base Operating Environment. IPSEC on HP-UX 11i has also been
upgraded to support the latest requirements. It is now IPV6 Logo 2
compliant. IP Filter v17 has also been updated to the latest standard.


 


If you use the
Red Hat Directory Server for HP-UX 11i, it is being replaced with HP
Directory Server v8.1
. This is based off of the open source Fedora 389
directory server. It is included as part of the Base Operating Environment, and
as you would expect for a variation of open source software, no additional fees
or licenses are required.


 


Finally, if you
use HP Integrity Virtual Machines, and specifically Online
VM Migration
, there are a number of improvements that may make your life a
little easier. First, you can now use data encryption whenever you move a
virtual machine, allowing the secure movement of a virtual machine even over a
public network. The Online VM migration is also up to twice as fast as the
previous version, although using the encryption function will slow it down
again. Online VM Migration is now included as part of the Virtual Server
Operating Environment, Data Center Operating Environment, and the Insight
Dynamics - VSE Suite.


 


Overall, the
March 2010 Update makes HP-UX 11i v3 a little more secure.


 


Do you have any
comments on these updates? Will they make your life a little easier or more
secure? Let me know.


 


Jacob


 

Search
Showing results for 
Search instead for 
Do you mean 
Follow Us
Featured


About the Author(s)
  • I work as a Master Architect in HP Servers R & D group. I work with teams spread across the lab and outside to build solutions which are highly available on HP-UX, OpenVMS and Mission Critical Linux platforms. In particular I contribute to develop HP Serviceguard clusters, HP-UX Security and Middleware products. I have been with HP for last 17 years and have exposure to HA/DR field from both R & D and customer perspectives.
  • Kirk Bresniker is the Vice President/Chief Technologist for HP Business Critical Systems where he has technical responsibility for all things Mission Critical, including HP-UX, NonStop and scalable x86 platforms. He joined HP in 1989 after graduating from Santa Clara University and has been an HP Fellow since 2008.
  • I’m the worldwide marketing manager for HP NonStop. I’ll be blogging and tweeting out news as it relates to NonStop solutions – you can find me here and on twitter at @CarolynatHP
  • Cynthia is part of the HP ExpertOne team. ExpertOne offers professional IT training and certifications from infrastructure refresh to areas that span across the datacenter like Cloud and Converged Infrastructure.
  • Hi, I work on the HP Servers team as HP-UX worldwide product marketing manager. I´m interested in how customers use our technology and will be blogging about their stories and on how our products evolve to help their businesses be always on.
  • I have worked with NonStop systems since 1982. I am a Master Technologist for HP and am part of the IT SWAT organization, the Cloud SWAT and work with HP Labs. I report into the Enterprise Solutions and Architecture organization.
  • Joe Androlowicz is a Technical Communications and Marketing manager in HP’s NonStop Product Division. Joe is a 25 year journeyman in information systems design, instructional technologies and multimedia development. He left Apple Computer for Tandem Computers to help launch G03 and hasn’t looked back yet. He previously managed the program management team for the NonStop Education and Training Center and drove the development and growth of the NonStop Certification programs.
  • Hello! I am a social media manager for servers, so my posts will be geared towards HP server-related news & info.
  • HP Servers, Converged Infrastructure, Converged Systems and ExpertOne
  • Luke Oda is a member of the HP's BCS Marketing team. With a primary focus on marketing programs that support HP's BCS portfolio. His interests include all things mission-critical and the continuing innovation that HP demonstrates across the globe.
  • I am the Superdome 2 Product Manager. My interest is to learn how mission critical platform helps customers and would also like to share my thoughts on how Superdome has been helping customers and will continue to do so.
  • I work in the HP Servers marketing group, managing a marketing team responsible for marketing solutions for enterprise customers who run mission-critical workloads and depend on HP to keep their business continuously running.
  • Mohan Parthasarathy is a Technical Architect in the HP-UX lab. His primary focus currently is in the core kernel, platform enablement and virtualization areas of HP-UX. Mohan has worked on various modules of HP-UX, including networking protocol stacks, drivers, core kernel and virtualization
  • I’ll be blogging about the latest news and enhancements as it relates to HP Moonshot.
  • Greetings! I am on the HP Enterprise Group marketing team. Topics I am interested in include Converged Infrastructure, Converged Systems and Management, and HP BladeSystem.
  • As a Managing Consultant for HP’s Enterprise Solution & Architecture group, I collaborate with client business and IT senior management to understand, prioritize and architect advanced use of data and information, drawing insights required to make informed business decisions. My current focus leverages event-driven business intelligence design techniques and technologies to identify patterns, anticipate outcomes and proactively optimize business response creating a differentiated position in the marketplace for the client.
  • Wendy Bartlett is a Distinguished Technologist in HP’s NonStop Enterprise Division, and focuses on dependability – security and availability - for the NonStop server line. She joined Tandem in 1978. Her other main area of interest is system architecture evolution. She has an M.S. degree in computer science from Stanford University.
  • I am part of the integrated marketing team focused on HP Moonshot System and HP Scale-up x86 and Mission-critical solutions.
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.