With the HP-UX 11i v3 March 2010 Update shipping, I thought I would cover the third area of significant improvements with this update. HP-UX 11i v3 already has a large number of security features, but this update adds more, making HP-UX 11i v3 Root Disk (DRD) allows the root disk to be cloned to an inactive disk. If patches or changes are made but for some reason don't work, you can always revert to the original image on the inactive disk with just a reboot. To help improve security, you can automatically keep the active image and the clone synchronized. For instance, if you update passwords after you create the clone, the updated passwords can be synced to the clone disk by running DRD sync. This ensures that any security changes are reflected in the cloned disks.

HP-UX 11i v3 has recently received an additional security certification. It is the industry's only UNIX to successfully achieve an EAL4 Common Criteria Certification against the COTS Compartmentalized Protection Profile-Operating Systems (CCOPP-OS). This certification includes nPars, vPars, and Mandatory Access Control, so you can now deploy highly secure virtualized environments.

In addition to security certification and DRD syncing, the HP-UX 11i v3 March 2010 update adds a few other security features. Long passwords are now supported, with the maximum password length now being 256 characters. All of the Trusted Mode functionality is now part of the Base Operating Environment. IPSec on HP-UX 11i has also been upgraded to support the latest requirements; it is now IPv6 Logo 2 compliant. IP Filter v17 has also been updated to the latest standard.

If you use the Red Hat Directory Server for HP-UX 11i, it is being replaced with HP Directory Server v8.1. This is based on the open source Fedora 389 directory server. It is included as part of the Base Operating Environment, and as you would expect for a variation of open source software, no additional fees or licenses are required.

Finally, if you use HP Integrity Virtual Machines, and specifically Online VM Migration, there are a number of improvements that may make your life a little easier. First, you can now use data encryption whenever you move a virtual machine, allowing the secure movement of a virtual machine even over a public network. Online VM Migration is also up to twice as fast as the previous version, although using the encryption function will slow it down again. Online VM Migration is now included as part of the Virtual Server Operating Environment, Data Center Operating Environment, and the Insight Dynamics - VSE Suite.

March 2010 Update makes HP-UX 11i v3 a little more secure.

Do you have any comments on these updates? Will they make your life a little easier or more secure? Let me know.