Data security
Lenovo is committed to security.
Lenovo XClarity One is designed with security as integral to the overall solution and seamless to the end-user experience. The solution is built with the premise of zero trust as a guiding strategy. Every component across the data flow is protected using best-in-breed security practices. End-to-end encryption provides the bedrock of the trust-but-verify architecture where every action is authenticated and authorized, both for users, and for machine-to-machine communication. Security in the Software Development Lifecycle provides continuous and immediate feedback to ensure the solution is built as securely as possible. Leveraging cloud security controls from the XClarity One Cloud Service Provider, Microsoft Azure®, the infrastructure running the solution workload is tightened to ensure the environment does not expose the solution to lateral attack. White Hat penetration testers regularly attack the environment from within and without, providing solid protection for customer data and control of customer critical data-center systems
Device data
The XClarity One portal and the locally-installed management hubs store hardware-specific data for all managed devices, including serial numbers, UUIDs, IP addresses and host names, hardware and firmware inventory, drive health, warranty, alerts and events raised by the devices, and usage and predictive failure analysis metrics.
Device credentials are stored only on the management hubs in your datacenter. Device credentials are not stored in the cloud.
Business and application-level data is never collected or stored on the management hubs or in the cloud.
Hardware data is transferred from the managed devices to the management hub and then to the XClarity One portal using HTTPS. Managed devices are not directly connected to the XClarity One portal.
Access to device data is restricted to users that have access to your organization, including service agents. The Lenovo XClarity Support team has administrative access to the XClarity One portal using internal identity management practices and role-based access control. All access to data is logged and audited.
Memory-diagnostic data
The XClarity Controller collects memory-diagnostic logs that are generated by the XCC for DDR4 SDRAM memory modules in managed ThinkSystem devices. Memory-diagnostic logs include current errors, metrics, and post package repair (PPR) data. XClarity One uses this data to improve future AI models that are used for memory predictive failure analysis (MPFA) to predict probable memory failures.
Memory-diagnostic logs are transferred to a database (and periodically pushed to a data lake) in the XClarity One portal as a base64 encoded binary string, using HTTPS, every 24 hours if new logs are available. The data is stored in binary format and is decoded only when pushed to the MPFA AI model infrastructure for prediction analysis. Memory-diagnostic logs are stored for each managed device until the device is umanaged.
Lenovo is committed to security. Access to memory-diagnostic data in the XClarity One portal is read-only and is restricted to authorized support personnel.
Service data
When enabled, Call Home automatically collects service data when a serviceable event occurs. You can also manually collect service data for a specific managed device. Service data includes data that is needed to help find the cause of the issue, including service information, inventory, and debug logs.
Service data includes sensitive information, including serial numbers, UUIDs, IP addresses, host names, and device locations. If needed, take appropriate steps to protect any service-data files that were saved to your local system.
Service data is not stored in the management hubs or in the cloud.
Lenovo is committed to security. When service data is sent to Lenovo Support either automatically through Call Home or manually by you, the service-data archive is sent to Lenovo Upload Facility over HTTPS using TLS 1.2 or later. Your business data is never transmitted. Access to service data in the Lenovo Upload Facility is restricted to authorized service personnel.