Skip to main content

Secure-environment considerations

It is important that you evaluate the security requirements in your environment, understand all security risks, and minimize those risks. Lenovo XClarity Orchestrator includes several features that can help you secure your environment. Use the following information to help you implement the security plan for your environment.

Important
You are responsible for the evaluation, selection, and implementation of security features, configuration procedures, and appropriate controls for your environment. Implementing the security features that are described in this section does not secure your environment completely.

Consider the following information when you are evaluating the security requirements for your environment.

  • The physical security of your environment is important. Limit access to rooms and racks where systems-management hardware is kept.
  • Use a software-based firewall to protect your network hardware and data from known and emerging security threats, such as viruses and unauthorized access.
  • Do not change the default security settings for the network switches and pass-thru modules. The manufacturing default settings for these components disable the use of unsecure protocols and enable the requirement for signed firmware updates.
  • At a minimum, ensure that critical firmware updates are installed. After making any changes, always back up the configuration.
  • Ensure that all security-related updates for DNS servers are installed promptly and kept up to date.
  • Instruct your users to not accept any untrusted certificates. For more information, see Working with security certificates.
  • Where possible and practical, place the systems-management hardware in a separate subnet. Typically, only supervisors should have access to the systems-management hardware, and no basic users should be given access.
  • When you choose passwords, do not use expressions that are easy to guess, such as "password" or the name of your company. Keep the passwords in a secure place, and ensure that access to the passwords is restricted. Implement a password policy for your company.
    Important
    Strong password rules should be required for all users.
  • Establish power-on passwords for users as a way to control who has access to the data and setup programs on the servers. See the documentation that comes with your hardware for more information about power-on passwords.