HP Service Manager Architecture and Security HP Software-as-a-Service




Contents

Introduction
Architecture
Infrastructure Setup
Security Setup
Customer Infrastructure Requirements

Introduction

The purpose of this document is to furnish an overview of the architecture and security setup for HP Service Manager service center at Software-as-a-Service (HP SaaS).

Architecture

HP Service Manager has a multi-tier architecture with presentation, application, and database layers. The following is a description of the tiers.

Client Tier

The Client tier consists of two components:
- Web client
- Windows client (only available in the Dev instance)

The Web client allows users to connect to the HP Service Manager server via a Web browser. The customer does not need to install or download any additional software on the user's desktop.

The Windows client allows users to connect to the HP Service Manager server via a dedicated client. The customer must install the Windows client separately on each system that it wants to connect to HP Service Manager. The Windows client is for configuration users exclusively.

Server Tier (Application)

The Server tier consists of:
- One or more HP Service Manager servers

The HP Service Manager server runs the HP Service Manager applications and manages the connections between the Client tier (Windows and Web) and the Application tier, and from the Application tier to the Database tier.

Database Tier

The Database tier consists of:
- Oracle database technology

Optional Servers

The Supporting servers are optional features consisting of the following components:

Help Server

The Help Server is a pre-configured Web server that provides HTML help to HP Service Manager clients and as a stand-alone Web page.

Report Server

The Report Server is a near real-time replication of the production Oracle database which is accessible to the customer for generating reports. In many cases generation of reports can result in extensive queries which have a noticeable impact on end-user performance. Moving these queries over to a separate server makes it possible to access the data in a timely manner without negatively impacting the user community.

Figure 1. HP Service Manager Architecture at HP Software-as-a-Service

The Service Manager managed service architecture may be described as follows:
- Infrastructure setup
- Security setup
- Customer infrastructure requirements

Infrastructure Setup

HP SaaS is responsible for the availability of the overall system and controlling access to the systems, including the setup of infrastructure, network, hardware and software. The salient features of the HP Service Manager managed service infrastructure are as follows:
- Provide 3 instances: DEV, TEST, and PROD.
- Every customer is set up in their own separate subnet that may contain one or more Service Manager servers.
- The application servers reside behind HP's corporate firewall.
- The database servers are secured behind another firewall and access to these servers is limited to the HP SaaS infrastructure team.
- The Reporting DB server is a non-Production DB offered as an additional paid service. Here customers can have direct access (port 1521) to their DB schema.
- Database servers are set up in an Oracle RAC (real application cluster) with each customer schema set up with unique user access. The RAC is mirrored for failover every fifteen minutes.
- Client access to the application is via HTTP or HTTPS (default) and additionally through the Windows client for configuration tasks in the development environment.
- Third party tool integrations within the customer's network may require a Site-to-Site Virtual Private Network (VPN) to be set up. For this setup to work, specific ports need to be opened up from known public source internet protocol (IP) address(es) at the customer site. Such a setup provides for secure communication between the customer's network and the HP SaaS network and facilitates the external integrations to the customer's hosted Service Manager instances.
- Nightly backups of database and file systems, failover, archive, recovery, and application patch management for the Production system.
- Monitor application and infrastructure 24/7 using industry-leading system monitors for availability; includes firewalls, hardware, server side software and security.
Security Setup

The salient features of HP Service Manager managed service security are as follows:
- Each customer is set up in their own separate subnet with internal and external IP addresses for each of their application servers.
- Routers use access control lists and the systems are protected by NAT and non-routable IP address control schemes.
- The network contains intrusion detection systems to monitor activity, and audits are run quarterly.
- The database servers are behind two firewalls that are centrally managed by HP SaaS infrastructure.
- Database access is not granted to anyone except the HP SaaS infrastructure team to manage the backend database tier. In cases where the customer is entitled to the Reporting DB, standard access is direct, on port 1521, through VPN.
- Qualified consultants and/or customer developers are furnished access to the DEV application server. Direct access to database schemas is not granted.
- SaaS Application Engineers have access to the customer's DEV application servers.
- Default access to the Service Manager is HTTPS or SSL.
- Site-to-Site VPN can also be set up for third party integrations or to access the application server (in addition to serving other purposes), if requested by the customer.
- Consultants and SaaS Application Engineers may remotely access the application servers via a Clientless VPN solution using VASCO software set up by HP SaaS.
- Consultants and SaaS Application Engineers may also access the appropriate application servers using Remote Desktop or PCAnywhere (for file transfers) from the SaaS network.

Customer Infrastructure Requirements

Customer infrastructure requirements are typically around network port configurations to allow the customer to access their hosted Service Manager instances.

The following ports are typically opened up INBOUND on the HP SaaS firewall to allow access to the customer's application server from a given source IP, IP addresses, or range of IP addresses from the customer's network via the internet. Alternatively, the instances can be open to the internet with no specific public IPs from the customer:

- Service Manager Prod Standard User Access:
  o TCP 80 - web client
  o TCP 443 (for SSL) - web client
- Service Manager Test Application Server Access:
  o TCP 80 - web client
  o TCP 443 (for SSL) - web client
- Service Manager Dev Application Server Access:
  o TCP 13080 - Windows client
  o TCP 80 - web client
  o TCP 443 (for SSL) - web client
  o TCP 3389 - RDP
  o TCP 5631 - PCAnywhere from Symantec for Remote Access and File Transfer
  o UDP 5632 - Also for PCAnywhere from Symantec

Customer Note: The customer is required to configure the same ports indicated above on their firewall for OUTBOUND traffic, from the specified source IP, IP addresses or range of IP addresses.

HP SaaS will furnish the customer with the requisite external IP addresses of the relevant Service Manager application servers as part of the setup phase of the service initialization. Exceptions to these general guidelines may be discussed during the pre-sales phase or during service initialization.
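
The port list and Customer Note above can be turned into a repeatable check of the customer-side OUTBOUND rules. The following is an added example, not part of the original HP document: the function name, the rule dictionary layout, and all IP addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Port matrix transcribed from the list above: (protocol, port) per instance.
WEB = {("tcp", 80), ("tcp", 443)}
PORT_MATRIX = {
    "prod": WEB,
    "test": WEB,
    "dev": WEB | {("tcp", 13080), ("tcp", 3389), ("tcp", 5631), ("udp", 5632)},
}


def audit_outbound(rules, instance_ips, allowed_sources):
    """Compare outbound firewall rules with the port matrix.

    rules: dicts with src (CIDR), dst (IP), proto, port (hypothetical layout).
    instance_ips: hosted application-server IP -> "prod" / "test" / "dev".
    allowed_sources: CIDRs agreed as the customer's source ranges.
    Returns sorted (kind, instance, proto, port, source) findings.
    """
    nets = [ipaddress.ip_network(c) for c in allowed_sources]
    findings, seen = [], {env: set() for env in PORT_MATRIX}
    for r in rules:
        env = instance_ips.get(r["dst"])
        if env is None:
            continue  # rule does not target a hosted instance
        key = (r["proto"].lower(), int(r["port"]))
        src = ipaddress.ip_network(r["src"])
        if key not in PORT_MATRIX[env]:
            findings.append(("unexpected", env, key[0], key[1], r["src"]))
            continue
        seen[env].add(key)
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append(("source-too-broad", env, key[0], key[1], r["src"]))
    for env in set(instance_ips.values()):
        for proto, port in PORT_MATRIX[env] - seen[env]:
            findings.append(("missing", env, proto, port, ""))
    return sorted(findings)


# Constructed sample data (documentation address ranges, not real hosts).
INSTANCES = {"192.0.2.10": "prod", "192.0.2.20": "test", "192.0.2.30": "dev"}
SOURCES = ["198.51.100.0/24"]
RULES = [
    {"src": "198.51.100.0/24", "dst": "192.0.2.10", "proto": "tcp", "port": 80},
    {"src": "198.51.100.0/24", "dst": "192.0.2.10", "proto": "tcp", "port": 443},
    {"src": "198.51.100.0/24", "dst": "192.0.2.10", "proto": "tcp", "port": 3389},
    {"src": "0.0.0.0/0", "dst": "192.0.2.20", "proto": "tcp", "port": 443},
    {"src": "198.51.100.7/32", "dst": "192.0.2.30", "proto": "tcp", "port": 13080},
]
```

On the sample rules, the audit reports RDP (TCP 3389) opened towards the Prod server, where the list allows it only for Dev, and a Test rule whose source is wider than the agreed range.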

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

HP SaaS SM Architecture Security Document, February 2009