Skip to main content

Security considerations

Review the following considerations to help you plan for the security of Lenovo XClarity Orchestrator and all managed resources.

  • Secure-environment considerations
    It is important that you evaluate the security requirements in your environment, understand all security risks, and minimize those risks. Lenovo XClarity Orchestrator includes several features that can help you secure your environment. Use the following information to help you implement the security plan for your environment.
  • Cryptography considerations
    Lenovo XClarity Orchestrator supports TLS 1.2 and stronger cryptographic algorithms for secure network connections.
  • Security-certificate considerations
    Lenovo XClarity Orchestrator uses SSL certificates to establish secure, trusted communications between XClarity Orchestrator and its managed resource managers (such as Lenovo XClarity Administrator or Schneider Electric EcoStruxure IT Expert) as well as communications with XClarity Orchestrator by users or with different services. By default, XClarity Orchestrator and Lenovo XClarity Administrator use XClarity Orchestrator-generated certificates that are self-signed and issued by an internal certificate authority.
  • Authentication-server considerations
    You can choose to use the local Lightweight Directory Access Protocol (LDAP) server or another external LDAP server as the authentication server.
  • Access-control considerations
    Lenovo XClarity Orchestrator uses access-control lists (ACLs) to determine which resources (devices, resource managers, and XClarity Orchestrator) users can access. When a user has access to a specific set of resources, that user can see data (such as inventory, events, alerts, and analytics) that is related to only those resources