Lpar Manager Security - Hitachi Compute Blade 2000 User Manual

LPAR manager Security

You can improve LPAR manager security using Transport Layer Security (TLS) and
certificates. Certificates play the following two roles.
Authenticating certificate ownership

Encrypting communication

You can set LPAR manager security using the HvmSh command. Copy HvmSh to the
directory where the execution path is set to the management server that executes HvmSh.
See the HVM Management Command (HvmSh) Operation Guide for details about the
command.
Certificates in
LPAR manager
LPAR manager can create and use a server certificate to certify its identity and
authenticate other systems using the certificate of a system connected to LPAR manager
(hereinafter referred to as the other system).
LPAR manager
 LPAR manager certificate
When the other system tries to connect to LPAR manager over TLS, the LPAR manager
certificate is sent to the other system. The other system can authenticate the LPAR
manager by verifying the server certificate.
LPAR manager server certificate

LPAR manager can use self-signed certificates or certificates signed by a
certificate authority (CA) as the LPAR manager server certificate.
When the other system authenticates LPAR manager by verifying the LPAR
manager server certificate, register the server certificate to the other system. See
the other system's user's guide for registration.
It may take about 30 seconds before a registered certificate is enabled, while
connection to LPAR manager may be unavailable for that period.
Systems for LPAR manager server certificate

The following systems can use LPAR manager server certificates.
HCSM (Hitachi Compute Systems Manager)

HvmSh

(1) Authenticates
Other systems
LPAR manager.
(HCSM、HvmSh)
(2) Authenticates
the other system.
1366