Blog Options
Mission Critical Computing Blog
Your source for the latest insights on HP Integrity, mission critical computing, and other relevant server and technology topics from the BCS team.

Impenetrable UNIX

jacob.van-ewyk| April 13, 2010
3 Comments






With the HP-UX
11i v3 March 2010 Update shipping, I thought I would cover the third area
of significant improvements with this update. HP- 11i v3 already has a large
number of security features, but this update adds more, making HP-UX 11i v3
more secure.


 


Dynamic
Root Disk (DRD) allows the root disk to be cloned to an inactive disk. If
patches or changes are made, but for some reason don't work, you can always
revert back to the original image on the inactive disk with just a reboot. To
help improve security, you can automatically synchronize the active image as
well as the clone. For instance, if after you create the clone, you update
passwords, the update passwords can be synced to the clone disk by running DRD
sync. This ensures that any security changes are reflected in the cloned disks.


 


HP-UX 11i v3 has
recently received a an additional security certification. It is the industry's
only UNIX to successfully achieve an EALV4 Common Criteria Certification
against the COTS
Compartmentalized Protection Profile-Operating Systems (CCOPP-OS PDF).
This certification includes nPars, vPars, and Mandatory Access Control, so you
can now deploy highly secure virtualized environments.


 


In addition to
security certification and DRD syncing, HP-UX 11i v3 March 2010 update adds a
few other security features. Long passwords are now supported, with the maximum
password no being 256 characters. All of the Trusted Mode functionality is now
part of the Base Operating Environment. IPSEC on HP-UX 11i has also been
upgraded to support the latest requirements. It is now IPV6 Logo 2
compliant. IP Filter v17 has also been updated to the latest standard.


 


If you use the
Red Hat Directory Server for HP-UX 11i, it is being replaced with HP
Directory Server v8.1. This is based off of the open source Fedora 389
directory server. It is included as part of the Base Operating Environment, and
as you would expect for a variation of open source software, no additional fees
or licenses are required.


 


Finally, if you
use HP Integrity Virtual Machines, and specifically Online
VM Migration, there are a number of improvements that may make your life a
little easier. First, you can now use data encryption whenever you move a
virtual machine, allowing the secure movement of a virtual machine even over a
public network. The Online VM migration is also up to twice as fast as the
previous version, although using the encryption function will slow it down
again. Online VM Migration is now included as part of the Virtual Server
Operating Environment, Data Center Operating Environment, and the Insight
Dynamics - VSE Suite.


 


Overall, the
March 2010 Update makes HP-UX 11i v3 a little more secure.


 


Do you have any
comments on these updates? Will they make your life a little easier or more
secure? Let me know.


 


Jacob


 

Read Blog Article
Labels: DRD| Dynamic Root Disk| HP Directory Server| HP Integrity Virtual Machines| HP-UX| HP-UX 11i v3| HP-UX 11i v3 March 2010| Insight Dynamics - VSE| IPSec| IPv6| Online VM Migration| UNIX
Labels:
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Follow Us
HP Discover 2013

About the Author
  • Kirk Bresniker is the Vice President/Chief Technologist for HP Business Critical Systems where he has technical responsibility for all things Mission Critical, including HP-UX, NonStop and scalable x86 platforms. He joined HP in 1989 after graduating from Santa Clara University and has been an HP Fellow since 2008.
  • I’m the worldwide marketing manager for HP NonStop. I’ll be blogging and tweeting out news as it relates to NonStop solutions – you can find me here and on twitter at @CarolynatHP
  • Cynthia is part of the HP ExpertOne team. ExpertOne offers professional IT training and certifications from infrastructure refresh to areas that span across the datacenter like Cloud and Converged Infrastructure.
  • I have worked with NonStop systems since 1982. I am a Master Technologist for HP and am part of the IT SWAT organization, the Cloud SWAT and work with HP Labs. I report into the Enterprise Solutions and Architecture organization.
  • Joe Androlowicz is a Technical Communications and Marketing manager in HP’s NonStop Product Division. Joe is a 25 year journeyman in information systems design, instructional technologies and multimedia development. He left Apple Computer for Tandem Computers to help launch G03 and hasn’t looked back yet. He previously managed the program management team for the NonStop Education and Training Center and drove the development and growth of the NonStop Certification programs.
  • As a recent college graduate I am new to the world of converged infrastructure, cloud and big data. I am very excited about the innovation HP can bring to the future of mission critical IT.
  • Hello! I am a social media manager for servers, so my posts will be geared towards HP server-related news & info.
  • HP Editor-Enterprise Group: ISS, BCS, Converged Infrastructure (CI), Converged Cloud, Converged App Systems (CAS), and ExpertOne
  • I’m the Worldwide Product Marketing Manager for HP Serviceguard Solutions for Linux in BCS. I’ll be blogging about the latest news and enhancements as it relates to this product.
  • Greetings! I am on the HP Enterprise Group marketing team focused on Content Marketing for Business Critical Systems. Topics I am interested in include mission-critical computing, scale up x86, and Converged Infrastructure, Converged Systems.
  • As a Managing Consultant for HP’s Enterprise Solution & Architecture group, I collaborate with client business and IT senior management to understand, prioritize and architect advanced use of data and information, drawing insights required to make informed business decisions. My current focus leverages event-driven business intelligence design techniques and technologies to identify patterns, anticipate outcomes and proactively optimize business response creating a differentiated position in the marketplace for the client.
  • Vinay Gupta is an HP Distinguished Technologist and the NonStop Manageability Architect. He joined Tandem in 1994 after graduating from Indian Institute of Technology. He has worked on many NonStop manageability applications over time. He works across various groups within NonStop and HP to ensure consistency and interoperability in manageability interfaces and applications. He is also a member of DMTF workgroups.
  • Wendy Bartlett is a Distinguished Technologist in HP’s NonStop Enterprise Division, and focuses on dependability – security and availability - for the NonStop server line. She joined Tandem in 1978. Her other main area of interest is system architecture evolution. She has an M.S. degree in computer science from Stanford University.
Labels