Upload
others
View
10
Download
0
Embed Size (px)
Citation preview
IT-Symposium 2005
www.decus.de 1
© 2004 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
HP-UX 11i OS:Proven Foundation for the Adaptive Enterprise
Christof HaentschkeTechnical Consultant, HPwww.hp.com/go/hpux11i
Agenda
• HP-UX 11i Roadmap• HP-UX Virtualisation• HP-UX Security• HP-UX System Management
IT-Symposium 2005
www.decus.de 2
• HP-UX 11i Roadmap• HP-UX Virtualisation• HP-UX Security• HP-UX System Management
The Adaptive EnterpriseBusiness and IT
synchronized to capitalize on change
Business
Information technology
Delivers: Simplicity, Agility, ValueUtilization is optimized and IT
supply meets business demand
Leverage common components and processes to reduce cost,
simplify change
Automate the dynamic link between business and IT
Virtualization
Management
Standardization
IT-Symposium 2005
www.decus.de 3
Delivering integrated virtualization• Unlock the value of IT through
optimized resource utilization
• Increase business agilitythrough dynamic resource allocation
• Ensure service levels through real-time action and continuous application availability
• All part of HP-UX 11i’srobustness, unlimited growth, simplified management, and availability
Automatically expands and shrinks virtual servers in real time
HP-UX 11i – integrated foundation
Reliability
Security
Scalability
Manageability
High Availability
Virtualization
HP-UX 11i –starke Grundlage für Adaptive Enterprise
Industry Standard - Integrity Servers• Full enterprise release
HP-UX 11i v1 enhancements for HP 9000 Servers
Runs on HP 9000 & Integrity Servers• Performance improvement, 128-way scaling• Serviceguard extension Fast Failover• Global Workload Manager
HP-UX 11i v3 – Unlimited Expansion• Leadership performance with multi-threading…..• Extended virtual view and partition mgmt• Enhanced storage & I/O stack – SAN agility …..• Increased reliability, availability & serviceability
2004 2005 2006+ HP-UX 11i v4 – Self-healing/adapting • Automation and mgmt. integration
Integrated Virtualization – scale out & scale up• Integrated Serviceguard with VERITAS cluster file system• Single virtual view management• Sub-CPU partitions – Integrity Virtual Machines• Extending disaster tolerant solutions
• Security containment• Secure resource partitions• vPars support on Integrity
HP-UX 11i v2: Your Enterprise UNIX!
ISV portfolio growing
IT-Symposium 2005
www.decus.de 4
HP-UX 11i roadmap drivers
• Recognition of market and HP’s acceleration toward virtualization
• Market implications of delivering full TruCluster/AdvFS functionality in mid 2006
• Opportunity to− Deliver similar capabilities sooner
and on HP-UX 11i v2 • Serviceguard integration with VERITAS
Storage Foundation™ Cluster File System − Preserve file system continuity for
HP-UX 11i customers− Provide continuity for ISVs
Unifying virtualization and cluster managementTime to market, roadmap acceleration
Virt
ualiz
atio
nVi
rtua
lizat
ion
Enhanced VSE for scale out
VERITAS partnership
Adopt new technologiesH
PHP --
UX
11i v
2 U
X 11
i v2
HP-UX 11i roadmap strengthenedUnifying virtualization and cluster management
Virt
ualiz
atio
nVi
rtua
lizat
ion
Enhanced VSE for scale out
VERITAS partnership
Adopt new technologies
HPHP --
UX
11i v
2 U
X 11
i v2
1. Strengthen virtualization solutions with additional investment in management tools
– Enhancing Virtual Server Environment (VSE) for scale out
2. Deliver system and cluster file system capabilities sooner and on HP-UX 11i v2 via enhanced partnership with VERITAS
– Integrate HP-UX 11i and Serviceguard with VERITAS volume management and file system products including cluster file system (CFS)
– Replace TruCluster and Advanced File System (AdvFS) plans
3. Smooth evolution to new technologies
IT-Symposium 2005
www.decus.de 5
Recent news: Virtualization enhancements− Global Workload Manager (planned for Q4 2004), Virtual
Partitions on Integrity, secure resource partitions (planned for H1 2005)
− Optimum utilization across multi OS with sub CPU virtual machines & shared I/O - HP Integrity Virtual Machines (planned for H2 2005)
Update: Strengthen virtualization solutions for scale out planned for H2 2005
− Enhanced VSE for scale up and scale out with common management− Increased utilization of resources
• Single- & multi-cluster management and visualization with single virtual view functionality• VSE integration with Serviceguard with VERITAS Storage Foundation™ Cluster File System
1. Strengthen virtualization solutions2. Deliver key functionality sooner and on HP-UX 11i v23. Smooth evolution to new technologies
HP-UX 11i roadmap strengthenedBetter solutions, delivered sooner
HP Virtual Server Environment direction:Resource optimization in real time for scale up and scale out on the road to the complete IT utility
Sca
leS
cale
-- upup
ScaleScale--outout
p1
p2
pn
p1
p2
p1
p2
…
p1p2
…
p1
p2
…
p1
p2
…
p1 p2
…
p1 p2
…
Combination of scale up and
scale out provides highest
degree of flexibility,
optimization, and automation.
App / VM / resource movement
– across systems
– across hard partitions
– across virtual partitions
– within an OS image
Rapid deployment of clusters
(incl. any group of systems/partitions)
Single & multi-cluster mgmt
(e.g. synchronization, desired state control)
Intelligent, dynamic
deployment (e.g. add VMs / nodes)
Scale up and scale out: Intelligent control of existing and new instances
p1/p2 = hard or soft partitionsVM = Virtual Machines
p1 p2App / VM / resource movement
– across systems
– across hard partitions
– across virtual partitions
– within an OS image
Rapid deployment of clusters
(incl. any group of systems/partitions)
Today
IT-Symposium 2005
www.decus.de 6
Recent news: HP-UX 11i v2 now for HP 9000 and Integrity servers
Update: Deliver key functionality sooner and on HP-UX 11i v2
– Serviceguard integrated with VERITAS Storage Foundation™Cluster File System planned for Q3 2005
– OnlineJFS (VERITAS VxFS) continues as HP-UX 11i file system– Investing for leadership long term in virtualization and traditional
UNIX abilities (scalability, availability, manageability)
1. Strengthen virtualization solution2. Deliver key functionality sooner and on HP-UX 11i v23. Smooth evolution to new technologies
HP-UX 11i roadmap strengthenedBetter solutions, delivered sooner
Common Release smoothes evolution HP-UX 11i v2 on HP 9000
HP-UX 11i v1 on HP 9000
HP-UX 11i v2
on Integrity
HP-UX 11i v2 on HP 9000
and
HP Integrity servers
Binary compatible
Binary compatible
Source code &
data compatible
Today
Applications just work – No retesting required
- binary compatibility guarantee (for same hardware architecture)
- no recompile required on same architectureEasier system administration
- same install, patch, update processes for both architecturesPerformance/scalability enhancements for HP 9000
- 15-25% performance up to 2x plus- large file system to 32 TB - 1-128-way support
Scalability enhancements for HP Integrity servers
−1-128-way supportIntegrated partner testing
− verified configurations for SAS and Business Intelligence stacks
October 2004
Customers choose standard solutions to cut cost and simplify change
HP-UX 11i
Wave 2
IT-Symposium 2005
www.decus.de 7
Single virtual view functionalityHP innovation for ease of management
• Single-cluster Management− Auto synchronization (including auto-
synch for down nodes upon reboot)− Centralized cluster management− Expanded auto-discovery of single
points of failure
• Multi-cluster Management− Common management solution− Multiple Groupings− Variable levels of synchronization− HP-UX 11i and Linux
• Visualization− Auto discovery of resources− Relationships of resources
Single virtual view functionality– Applicable to
– Serviceguard HA– Serviceguard with VERITAS Storage
Foundation ™ Cluster File System– HPTC– Any group(s) of servers / partitions
– Integrated with Virtual Server Environment management tools such as
– Serviceguard Manager – HP Systems Insight Manager
– Complements server deployment life-cycle tools (Ignite-UX)
Improved cluster management with single virtual view
With single virtual view (SVV)
− Improved ease of use for single cluster management−Synchronization of any group of virtual resources: SMP, partitions, clusters −Variable levels of synchronization−Extensible to heterogeneous environments (HP-UX and Linux)
max sync
70% sync
IT-Symposium 2005
www.decus.de 8
Extending the HP Serviceguard PortfolioIntegrated bundles including VERITAS software
HP Serviceguardand
VERITAS Storage Foundation™Cluster File System
HP Serviceguard and
VERITAS Storage Foundation™Cluster File System for Oracle RAC
HP Serviceguard and
VERITAS Storage Foundation™for Oracle Environments
HP Serviceguardand
VERITAS Storage Foundation™(volume manager, file system, management tools)
Available on HP-UX 11i v2 for HP Integrity & 9000 Servers, planned for Q3 2005
Delivered and supported by HP
HP Serviceguardand
VERITAS Storage Foundation™Cluster File System for Oracle
HP-UX 11i roadmap strengthenedBetter solutions, delivered sooner
Ongoing news: Committed to HP 9000 Evolution Program
− Transition tools and services− Business practices include trade-up and trade-in programs− Customer initiatives (i.e. workshops)
Update: Smooth evolution, expand programs− Current HP-UX 11i users of OnlineJFS (VERITAS VxFS) will
continue with this product as the preferred file system • No change to file systems
− Serviceguard continuity, new features delivered sooner− Virtualization easier to adopt for scale out with common
management
1. Strengthen virtualization solutions2. Deliver key functionality sooner and on HP-UX 11i v23. Smooth evolution to new technologies
IT-Symposium 2005
www.decus.de 9
Tru64 UNIX® Installed BaseUnchanged: AlphaServer systems and Tru64 UNIX® product and support
roadmaps − Delivered Tru64 UNIX V5.1B-2 and the AlphaServer family refresh on-plan (August
2004)− Previously extended support roadmap for prior versions
Changed: AdvFS and TruCluster plans- AdvFS is replaced with OnlineJFS (VERITAS VxFS) - TruCluster technology is replaced with Serviceguard solutions integrated with VERITAS
Storage Foundation™ Cluster File System on HP-UX 11i v2 and delivered sooner
Updated: Technical assistance and business practices− HP technical assistance to customers transitioning from Tru64 UNIX to HP-UX 11i v2− HP global business practices to ease the costs of transitioning from Tru64 UNIX
HP-UX 11i roadmap strengthenedBetter solutions, delivered sooner
1. Strengthen virtualization solutions2. Deliver key functionality sooner and on HP-UX 11i v23. Smooth evolution to new technologies
HP-UX 11i: reliable, integrated environmentsminimizing customer time and risk
• HP-UX 11i operating system• Network drivers• Logical Volume Manager
(LVM)• Base VERITAS File System
for HP-UX 11i• Base VERITAS Volume
Manager• PAM Kerberos• EMS framework• Java™ RTE, JDK, JPI• HP-UX 11i Web Server Suite• Mozilla• Internet Express• CIFS client and server• Common Desktop Env.
• Ignite-UX• Software Distributor-UX• Update-UX• Software Package Builder• System Administration
Manager (SAM)• Web-based kernel,
peripheral, and devices configuration tools
• Servicecontrol Manager (*)• Systems Inventory
Manager (*)• Intrusion detection• Install Time Security• Security Patch Check• HP-UX 11i Bastille
Add to Foundation:• Online JFS• Mirrordisk/UX • Process Resource
Manager (PRM)• Glanceplus• OpenView
Performance Agent• Event Monitoring
Services (EMS) HA Monitors
Add to Enterprise:• HP-UX 11i
Workload Manager (WLM)
• Serviceguard• Serviceguard NFS
Toolkit• Enterprise Cluster
Master
HP-UX 11i Mission-Critical Operating Environment
HP-UX 11i Enterprise Operating Environment
HP-UX 11i Foundation Operating Environment
Tested, integrated, single install
Easier to order
Easier license management
50% less install time
Easy install accuracy
Simpler support
contracts
= more reliable; higher
customer satisfaction
(*) has been superceded by HP Systems Insight Manager which can be downloaded from software.hp.com
IT-Symposium 2005
www.decus.de 10
• HP-UX 11i Roadmap• HP-UX Virtualisation• HP-UX Security• HP-UX System Management
HP’s Virtualization portfolioKey solutions that improve agility
• Partitions• Clustering• Instant
CapacityPay per Use
• HP Virtual Server Environment (VSE)• HP Storage Grid• HP BladeSystem• HP Consolidated Client Infrastructure (CCI)• HP Disaster Tolerant Solutions (DTS)
• Datacenter Architecture Services• Grid computing• HP Managed Services
(Strategic outsourcing)
• Rapid deployment• Workload management• HP Storage solutions
− EVA− Virtual Replicator
Optimize utilization of Server, storage, and networking resources
Optimize all heterogeneous resources so supply meets business demand in real time
Optimize multiple elements to automatically meet service level agreements
Complete IT Utility
Integrated Virtualization
Element Virtualization
Storage
Network Software
Servers
Printers & clients
IT-Symposium 2005
www.decus.de 11
Challenge: Enterprises have unused server capacity yet still can’t meet demand
Most reports put average utilization at approx 30%
Tremendous amount of unutilized capacity
Yet these systems are unable to handle the load
0102030405060708090
100
Serv
er A
vera
ge U
tiliz
atio
n
Servers
Utilization at an actual HP customer
HP Virtual Server Environment: Integrated Virtualization for HP Integrity Servers
• Double your resource utilization − Dynamic resource allocation
in a multi-OS environment
• Maintain continuous service levels − Simple policy management
and highly available• Pay only for what you use
− Utility pricing
Intelligent policy engine
HP Virtual Server Environment
Virtual servers
Advise
ActAssess
Consolidates and virtualizes server resourcesfor optimum utilization
IT-Symposium 2005
www.decus.de 12
Innovation today: HP VSE integrates all key virtualization techniques
Consolidates & virtualizes server resources for maximum utilizationConsolidates & virtualizes server resources for maximum utilization
HP Virtual Server Environment (VSE)Intelligent policy engine
Virtual servers
Consolidates & virtualizes server resources for optimum utilization
AvailabilityAvailability PartitioningPartitioning Utility PricingUtility Pricing
Partner integrationHP VSE is application transparentWorkload management toolkits for Oracle, BEA, SAS, ApacheServiceguard certified with 1000s of applicationsServiceguard exclusive integration with Oracle RAC within and across data centersHP VSE Quick Start Solution for BEA and OracleHP SIM offers 3rd party integration
Control
Workload Manager*gWLMSystems InsightManager (SIM)
ServiceguardSGeRAC*SGeFF*SGeSAP*
nParsvPars*HP Integrity VMsProcess Resource Manager* / pSets
Instant CapacityTemporary Instant CapacityPay Per Use
*HP-UX only
PRMProcess Resource
Manager
Virtual partitionsClusters
Hard partitions with multiple nodes
Hard partitions within a node
Virtual partitions within a hard partition
nPartitions
Isolationhighest degree of separation
Flexibilityhighest degree of dynamic capabilities
– Complete hardware and software isolation
– Node granularity– Multiple OS
images
– Hardware isolation per cell
– Complete software isolation
– Cell granularity– Multiple OS
images
– Complete software isolation
– Dynamic CPU migration
– Multiple OS images
– Dynamic resource allocation
– Share (%) granularity
– 1 OS image
PRM with psetsresource partitions w/in
a single OS image
HP Partitioning Continuum
IT-Symposium 2005
www.decus.de 13
Hard Partitions: “nPartitions”• Increased system utilization− Superdome with up to16
nPartitions • Increased Flexibility:
Multi OS − multi OS support: HP-UX,
Linux, Windows − multi OS version support− multiple patch level support
• Increased Uptime− hardware (electrical) and software
isolation across nPartitions− Serviceguard between hard
partitions on the same server or to another HP-UX server.
• Available on Superdome, rx8620, rp8420, rx7620, rp7420
multiple applications on the same server
with hardware isolation
16
1
Minimum granularity: 1 cell with 4 CPUs and
2GB memory
Systems based on cellsRemote Link
Remote Link
Remote Link
Remote Link
crossbar
crossbar
crossbar
crossbar
Cabinet 1 Cabinet 2
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
Cell
rx8620-32
SuperDome
rx7620-8
IT-Symposium 2005
www.decus.de 14
PRMProcess Resource
Manager
Virtual partitionsClusters
Hard partitions with multiple nodes
Hard partitions within a node
Virtual partitions within a hard partition
nPartitions
Isolationhighest degree of separation
Flexibilityhighest degree of dynamic capabilities
– Complete hardware and software isolation
– Node granularity– Multiple OS
images
– Hardware isolation per cell
– Complete software isolation
– Cell granularity– Multiple OS
images
– Complete software isolation
– Dynamic CPU migration
– Multiple OS images
– Dynamic resource allocation
– Share (%) granularity
– 1 OS image
PRM with psetsresource partitions w/in
a single OS image
HP Partitioning Continuum
Flexibility:Multiple independent OSsDynamic CPU migration1 CPU granularityIntegrates with nPartitions and Instant Capacity CPUsAllows app-specific O/S tuningResources not tied to physical configurations
Isolation: Of OS, applications, resourcesIndividual reconfiguration & reboot
Easy deployment:Ignite-UX is vPar-aware
Easy management:Automatic, SLO-based workload management ACROSS vPars (WLM cross-vPar integration)
HP-UX Revision A.1
HP-UX Revision A.2
HP-UX Revision B.3
HP-UX Revision B.3
Dept. AApp 1
Dept. AApp 1’
Dept. B App 2
Dept. BApp 3
vPar Monitor
HP-UX Virtual Partitions (vPars)
IT-Symposium 2005
www.decus.de 15
HP Integrity Virtual Machines… optimum utilization across Multi OS
• Sub CPU virtual machines with shared I/O
• Runs on a server or within an nPar
• Dynamic resource allocation built-in
• Resource guarantees as low as 5% CPU granularity
• OS fault and security isolation• Supports all (current and
future) HP Integrity servers• Designed for multi OS – first
on HP-UX 11i and Linux, Windows planned
• VSE integration for high availability and utility pricing
OS (HP-UX 11i v2)
app1 app2
app3 app4
I/OI/OI/O
app1 app2
app3 app4
OS (HP-UX 11i v2)OS (Linux)
app1 app2
app3 app4
app5 app6
MemoryHardware
Intelligent Host
2H 2005
Dynamic CPU Allocation… sub-CPU granularity
CPU shares dynamically allocated to the virtual machines as needed
When oversubscribed (more demand than physical resources), fair share allocation to active virtual machines
CPU can be dedicated to a virtual machine for performance isolation
PRM resource guarantees
Example: Minimum 50% CPU allocation
OS
app1 app2
app1 app2
app3 app4
OS OS
app1 app2
app3 app4
Intelligent Hypervisor
IC or TIC processor
IT-Symposium 2005
www.decus.de 16
Intelligent Hypervisor
Dynamic I/O Sharing
I/O packets directed to I/O cards by the Platform Manager
OS
app1 app2
app1 app2
app3 app4
OS OS
app1 app2
app3 app4
I/O card can be dedicated to a virtual machine for performance isolation
I/OI/O I/O
Easy Portability of VMs for fast offline deployment and migration
Intelligent Hypervisor
OS
app1 app2
Intelligent Hypervisor
OS
app1 app2
VM with unique:• Kernel Parameters• Patch levels• Layered software
OSapp1app2
VMs can be stopped on one server and then started up on
another with no changes
Development System(ex. rx2600-2)
QA System(ex. rx8620-32)
Recommended setup:Symbolic links on each system to VM-accessed disksNFS mount to same disk for storage of VM specific runtime info such as EFI settings, kernel launch options, and IPMI eventsMovement within the same subnet so IP address can be maintained
IT-Symposium 2005
www.decus.de 17
PRMProcess Resource
Manager
Virtual partitionsClusters
Hard partitions with multiple nodes
Hard partitions within a node
Virtual partitions within a hard partition
nPartitions
Isolationhighest degree of separation
Flexibilityhighest degree of dynamic capabilities
– Complete hardware and software isolation
– Node granularity– Multiple OS
images
– Hardware isolation per cell
– Complete software isolation
– Cell granularity– Multiple OS
images
– Complete software isolation
– Dynamic CPU migration
– Multiple OS images
– Dynamic resource allocation
– Share (%) granularity
– 1 OS image
PRM with psetsresource partitions w/in
a single OS image
HP Partitioning Continuum
HP Process Resource Manager (PRM) Predictable service level management
Resource partitions within a single OS image
Application 1 Application 2 Application 3
50% CPU
50% real memory
50% disk I/O
25% CPU
25% real memory
25% disk I/O
25% CPU
25% real memory
25% disk I/O
20% 80%System utilization
IT-Symposium 2005
www.decus.de 18
HP-UX Workload Manager (WLM)
Examples of Service Level Objectives (SLOs)
Response time SLO
Transactions will complete in less than 2 seconds.
Response time SLO
Transaction will complete in less than 3 seconds
Job duration SLO
Batch job will finish in less than 1 hour.
HP-UX WLM automatically reconfigures CPU resources to satisfy SLOs in priority order
Application A Application B Application C
Priority 1 Priority 2 Priority 3
global Workload Managermulti-system workload management
• Goal-based management ensuring SLOs for applications running across servers in heterogeneous resource pools
• Server resource utilization is optimized through dynamic resource allocation
• At 1st release control of HP-UX 11i vPars, HP-UX Processor Sets, Linux Processor Sets
• Support of “utility” model of resource sharing− Servers are centrally owned by IT− Business Units “rent” infrastructure from IT− Resource allocation is centrally managed by IT
Application Resource PoolWeb Server Resource Pool Database Resource Pool
Service B
SLO 1 Service A
Shared capacity Shared capacityShared capacity
Service A
SLO 2
SLO 1
IT-Symposium 2005
www.decus.de 19
time
IT c
o st
time
IT c
o st
time
IT c
o st
iCAP
Temporary iCAP
Pay Per Use
Utility Solutions For Every Capacity Need
HP Virtual Server Environment:HP-UX Mission Critical OE in Aktion
• Serviceguard− Analyzes new infrastructure
configuration− Automatically moves package(s)
• Workload Manager (WLM)− Automatically aware of new package− Re-prioritizes packages and resources
to meet SLOs (Service Level Objectives)
• Partition Manager− Graphical display of nPars and hardware
• iCAP− Communicates with WLM− Instantly activates additional processors to meet SLA
Node 1
Move App B to
Node 2
Node 2
60%
30%
10%
Node 2
80%
20%
Node 1
50%
50%
100%
TiCAPpool
App A
App BApp C
App D
App A
Node 1App DApp B
App C
Dynamic resource optimization
Automated and intelligent management
IT-Symposium 2005
www.decus.de 20
Serviceguard
WLM
TiCAP
HP Virtual Server Environment for HP-UX 11i In action today
Services delivery systems
100%: SAP
Unpurchasedprocessors
Manageability
X80% Oracle CRM20% Security
50% SAP40% Oracle CRM10% Security
LegendOracle CRM
Security
SAP
CPU Allocation –consolidated system
Time
Consolidated Server
(5 CPU system)
(5 CPU system)(6 CPU system)
• HP-UX 11i Roadmap• HP-UX Virtualisation• HP-UX Security• HP-UX System Management
IT-Symposium 2005
www.decus.de 21
HP-UX 11i flexible security in-depth protection
• IPSec• Secure Shell• Kerberos• OpenSSL• TCP Wrapper• Secure routing• Bind 9.2
• IPFilter• Bastille• Install-time security• Pluggable
authentication• Encryption• Random numbers• Buffer overflow
protect
• Host-based intrusion detection, real-time
• Audit system• Log-in controls• Password
management• Certification-CAPP
• LDAP directory• LDAP UX integration• AAA Server-RADIUS,
AAA Server-Diameter• Role-based access
control (SCM)• OpenView integration
Physical analogy: bank security
Intrusionprevention
Intrusion detectionand analysis
Networksecurity
Access
Secure Mobile Infrastructure•Mobile IPv4/AAA•Mobile IPv6/IPsec
• Compartmented processing− Without changing applications or files− Built-in to HP-UX 11i with its
manageability, reliability and availability• Fine-grained privileges− Administered through built-in Role-Based
Access Control (RBAC)− Provide the rules for compartment
access• Single audit system − Provide the same audit system for
standard mode and trusted mode • Common Criteria Certification− EAL4-CAPP− RBAC− New protection profile sponsored by
enterprise customer leaders
Siddu
Jim
Ron
Gary
Dave
hpux.user.modify
hpux.net.starthpux.fs.backup
hpux.user.delete
hpux.user.add
P1 P2
HP-UX 11i
Wave 2
Coming packaged within HP-UX 11i v2
Security ContainmentHigher protection built in
IT-Symposium 2005
www.decus.de 22
Secure resource partitions for HP-UX 11i:Secure application stacking within one OS image
Improved resource flexibility and reduced management costs with application security−Customers configure
compartments for isolation• Processes and files are
contained by compartments• Role Based Access Control
administers privilege• Rules for inter compartment
communication− Integration with Process Resource
Manager and HP-UX Workload Manager
−Applications work in compartments without change
−Support for both HP 9000 and HP Integrity servers
OS and System
App 2 External Processe
s
App 2 Internal
Processes
App 1 External Processe
s
App 1 Internal
Processes
LegendSecurity
Compartment
PRM or WLM
Secure resource partitions
How compartments work (1 of 7)Lots of unrelated applications running on the same system
Standard System
Application
File
IT-Symposium 2005
www.decus.de 23
How compartments work (2 of 7)
Any process can access
any other process
Standard System
How compartments work (3 of 7)
Any process can access
any other process or any file
Standard System
IT-Symposium 2005
www.decus.de 24
How compartments work (4 of 7)
Processes and filesare contained bycompartments3
2
Security Containment
1
How compartments work (5 of 7)
Processes and filesare contained by compartments3
2
Security Containment
1
Communication within compartments is just like a standard system
IT-Symposium 2005
www.decus.de 25
How compartments work (6 of 7)
Communication between compartments doesn’t happen
Processes and filesare contained bycompartments3
2
Security Containment
1
Communication within compartments is just like a standard system
How compartments work (7 of 7)
Communication between compartments doesn’t happenwithout a rule
Processes and filesare contained bycompartments3
2
Security Containment
1
Communication within compartments is just like a standard system
IT-Symposium 2005
www.decus.de 26
• HP-UX 11i Roadmap• HP-UX Virtualisation• HP-UX Security• HP-UX System Management
Platform Management:Introducing Systems Insight Manager
HP SIMSimplify
StandardizeModularizeIntegrate
Toptools• Ease of use• Multiple HP platforms
(IA-32 clients & servers, printers, networking, storage)
ServicecontrolManager
• HP-UX and Linux• Multi-system administration• Role-based security• Central point of life-cycle
management through modular plug-in structure
• GUI and command line
Insight Manager 7• ProLiant servers • Windows management• Fault management• Large installed base• Remote management
IT-Symposium 2005
www.decus.de 27
HP Systems Insight Manager
Enabling operational process alignment
Life-cycle managementprocesses
Fault
Deploym
ent
Inventory
System
Software
Rem
ote
SIM
SIM
Workload
SIM
WLM
Future integration
Rapid deploym
entIgnite-U
X
SIM
SD
-UX
Plug-in
SIM
Future
IT-Symposium 2005
www.decus.de 28
HP Systems Insight ManagerRoadmap
Q4, ‘03 Q2, ‘04 Q4, ‘04 1H, ‘05
HP SIM 4.0 HP SIM 4.1 HP SIM 4.2 Quake Beyond Quake
Migration Blades+gWLM
StorageCrossPlatform
Better Together
HP Confidential
Beyond QuakeIntegrity Virtual Machine support in HP SIM
• Discover, associate and allow selection of Integrity Virtual Machines
• Launch Integrity Virtual Machine configuration tools
• Use HP SIM event mechanisms to notify of any issues with Integrity Virtual Machines
• Integrated status into HP SIM status icon columns.
• Simplify managing Virtual Server Environment with minimal setup effort
OS (HP-UX 11i v2)
app1 app2
app3 app4
I/OI/OI/O
app1 app2
app3 app4
OS (HP-UX 11i v2)OS (Linux)
app1 app2
app3 app4
app5 app6
MemoryHardware
Platform ManagerVirtualization Technology
HP Confidential
IT-Symposium 2005
www.decus.de 29
Beyond QuakeSystem Management Homepage for HP-UX
• System Management Home Page extended for HP-UX servers
• Provides Web UI, TUI and enhanced CLI access to HP-UX SAM functional areas and new tools
• Disk and File Systems• Kernel Configuration• Peripheral Devices• Users & Groups• Partition Manager
Web UI - System Management Home Page for HP-UX Servers
TUI - Menu driven terminal interface
Enhanced CLI - Task-oriented command line
interface
HP Confidential
Haben Sie Fragen?