Skip to main content

Data security

Lenovo is committed to security.

Lenovo XClarity One is designed with security as integral to the overall solution and seamless to the end-user experience. The solution is built with the premise of zero trust as a guiding strategy. Every component across the data flow is protected using best-in-breed security practices. End-to-end encryption provides the bedrock of the trust-but-verify architecture where every action is authenticated and authorized, both for users, and for machine-to-machine communication. Security in the Software Development Lifecycle provides continuous and immediate feedback to ensure the solution is built as securely as possible. Leveraging cloud security controls from the XClarity One Cloud Service Provider, Microsoft Azure®, the infrastructure running the solution workload is tightened to ensure the environment does not expose the solution to lateral attack. White Hat penetration testers regularly attack the environment from within and without, providing solid protection for customer data and control of customer critical data-center systems

Device data

The XClarity One portal and the locally-installed management hubs store hardware-specific data for all managed devices, including serial numbers, UUIDs, IP addresses and host names, hardware and firmware inventory, warranty, alerts and events raised by the devices, and usage and predictive failure analysis metrics.

Important

  • Device credentials are stored only on the management hubs in your datacenter. Device credentials are not stored in the cloud.

  • Business and application-level data is never collected or stored on the management hubs or in the cloud.

Hardware data is transferred from the managed devices to the management hub and then to the XClarity One portal using HTTPS. Managed devices are not directly connected to the XClarity One portal.

Access to device data is restricted to users that have access to your organization, including service agents. The Lenovo XClarity Support team has administrative access to the XClarity One portal using internal identity management practices and role-based access control. All access to data is logged and audited.

Service data

When enabled, Call Home automatically collects service data when a serviceable event occurs. You can also manually collect service data for a specific managed device. Service data includes data that is needed to help find the cause of the issue, including service information, inventory, and debug logs.

Attention

  • Service data includes sensitive information, including serial numbers, UUIDs, IP addresses, host names, and device locations. If needed, take appropriate steps to protect any service-data files that were saved to your local system.

  • Service data is not stored in the management hubs or in the cloud.

Lenovo is committed to security. When service data is sent to Lenovo Support either automatically through Call Home or manually by you, the service-data archive is sent to Lenovo Upload Facility over HTTPS using TLS 1.2 or later. Your business data is never transmitted. Access to service data in the Lenovo Upload Facility is restricted to authorized service personnel.

Disaster recovery

XClarity One encompasses database-as-a-service, which disperses workloads across different availability zones to mitigate data loss and disaster recovery. After a disaster, you can recover your data when your data center comes back to normal.