On Mon, Aug 26, 2024 at 07:46:53AM +0000, Rohit Chauhan via IBM TechXchange Community wrote:
> In a dual site setup I know that redundant HMCs have many advantages,
> including that both can control the power systems at a time if one
> fails. But I was thinking more on the security side here. For example,
> we have 2 sites, production and a DR site. We have configured redundant
> HMCs which can manage either of the systems across the two
> sites. But let's say the HMC at the DR site is compromised; then
> the chances of manipulating the production systems with this HMC are
> really high? Is my assumption correct, or am I missing something
> here?
This can be summarized as redundant HMCs mean redundant management
domains. If one management domain is compromised, both sites are
compromised.

If you make the HMCs non-redundant so they don't share a management
domain, then a compromise at one site is isolated. Also ensure you use
unique passwords at each site for your hscroot account.

You need to choose a balance between redundancy and isolation for
security. Many times I have dual HMCs at each site. It's cheaper to
implement now with the vHMC.

Just a reminder if you are doing cross site HMCs, you likely have your
FSPs on a public VLAN and should ensure you have strong passwords on
the FSP accounts. Also consider using the firewall on the FSP to lock
it to only allow the HMC IPs to log in. Otherwise a network scan may
allow attackers to go directly to the FSP, bypassing the HMCs
completely. There is a horrible history of bad default passwords being
placed on FSP accounts.

I recommend using an isolated VLAN for the FSPs for that reason.
------------------------------------------------------------------
Russell Adams
Russell.Adams@AdamsSystems.nl
Principal Consultant
Adams Systems Consultancy
https://adamssystems.nl/
Original Message:
Sent: 8/26/2024 3:47:00 AM
From: Rohit Chauhan
Subject: Security concern over Redundant HMC's setup
Hello,
In a dual site setup I know that redundant HMCs have many advantages, including that both can control the power systems at a time if one fails. But I was thinking more on the security side here. For example, we have 2 sites, production and a DR site. We have configured redundant HMCs which can manage either of the systems across the two sites. But let's say the HMC at the DR site is compromised; then the chances of manipulating the production systems with this HMC are really high? Is my assumption correct, or am I missing something here?
------------------------------
Rohit Chauhan
Senior Technical Specialist
Norway
------------------------------
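
The reply's two checks (which sites a single compromised HMC can reach, and whether each FSP only admits its managing HMCs) can be run against an inventory. This is an added example, not part of the thread; the HMC names, system names, IP addresses and the inventory layout are all constructed assumptions.

```python
# Added example: inventory values below are constructed, not from the thread.
from ipaddress import ip_address

HMCS = {  # hypothetical HMC name -> site, IP, managed systems
    "hmc-prod": {"site": "prod", "ip": "10.0.1.10", "manages": ["p10-prod-a", "p10-dr-a"]},
    "hmc-dr":   {"site": "dr",   "ip": "10.0.2.10", "manages": ["p10-prod-a", "p10-dr-a"]},
    "hmc-lab":  {"site": "dr",   "ip": "10.0.2.20", "manages": ["p9-dr-lab"]},
}
SYSTEMS = {  # managed system -> site and FSP allow-list (empty = no restriction)
    "p10-prod-a": {"site": "prod", "fsp_allow": ["10.0.1.10", "10.0.2.10"]},
    "p10-dr-a":   {"site": "dr",   "fsp_allow": []},
    "p9-dr-lab":  {"site": "dr",   "fsp_allow": ["10.0.2.20", "10.0.9.99"]},
}

def blast_radius(hmcs, systems):
    """Sites whose systems each HMC can control if that HMC is compromised."""
    return {name: sorted({systems[s]["site"] for s in h["manages"]})
            for name, h in hmcs.items()}

def cross_site_hmcs(hmcs, systems):
    """HMCs whose management domain reaches a site other than their own."""
    return sorted(n for n, sites in blast_radius(hmcs, systems).items()
                  if set(sites) - {hmcs[n]["site"]})

def fsp_findings(hmcs, systems):
    """FSPs with no allow-list, or admitting sources that are not their managing HMCs."""
    findings = {}
    for name, info in systems.items():
        managers = {ip_address(h["ip"]) for h in hmcs.values() if name in h["manages"]}
        allowed = {ip_address(a) for a in info["fsp_allow"]}
        if not allowed:
            findings[name] = "unrestricted"
        elif allowed - managers:
            extra = sorted(str(a) for a in allowed - managers)
            findings[name] = "extra sources: " + ", ".join(extra)
    return findings

if __name__ == "__main__":
    print("blast radius:", blast_radius(HMCS, SYSTEMS))
    print("cross-site HMCs:", cross_site_hmcs(HMCS, SYSTEMS))
    print("FSP findings:", fsp_findings(HMCS, SYSTEMS))
```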