Virtualized Hardware (Project-Specific)

3.3Security Aspects

3.3.1Software RAID System

In many cases, the RAID controller requires a separate software driver that is not included in the delivery package of the Linux distribution. This driver is usually provided by the PC manufacturer and must be installed according to manufacturer's instructions.

It may occur in practice, however, that some PC manufacturers supply a software driver that is not suitable for the SLES version or, in the worst case, do not provide a Linux driver at all because the server is not intended for operation under Linux.

In such cases, a software RAID solution can be used.

The RAID system is implemented in this case via the operating system functions. In order to ensure that the software RAID works correctly, any hardware-based RAID controller (such as an integrated BIOS RAID on the motherboard) that may be present must be first disabled.

OpenScape Office HX V2	OpenScape Office LX V3
The software RAID support for SLES 10 SP3 has not been tested in conjunction with OSO HX and is therefore not released.	The installation of the software RAID occurs during the Linux installation. This process is described in section 6.1.2.2, and the required preconditions for it can be found in section 5.1.2

3.3.2Redundant Power Supply (Optional)

In the latter case, it is also important to ensure that when using IP-enabled devices, even the associated LAN switches and devices are plugged into the Uninterruptible Power Supply.

3.3.3Using Virus Scanners

For the use of virus scanners in conjunction with SEN applications and the resulting procedures and responsibilities, SEN has formulated a generally applicable security policy. The following is an extract from it:

Extract from the SEN Security Policy: “Support of Virus Protection Software for Server Applications”

SEN does not provide, recommend or certify any specific virus protection software for use with the application servers. Nevertheless, as part of the System-, Release- and Regression-Tests, SEN may install and operate a current version of virus protection software with a broad market acceptance. The used software is listed in the SEN product's administration manual or release notes. Installation and configuration of virus protection software on the application servers (if required by the customer) is the sole responsibility of the customer and is accomplished at the customer’s own risk. The customer assumes all liability for installation and correction should the virus protection software interfere with proper operation of the application software provided by SEN. SEN recognizes, however, that installation of virus protection software may be required by the customer's security or system management policies. Installation of such software will thus not void the warranty or maintenance agreement provided by SEN. SEN may ask the customer to remove the software in order to restore proper operation of the system if diagnosis of a problem is not possible in the SEN laboratories. That is, if the problem cannot be recreated and diagnosed with reasonable effort in the SEN laboratories, SEN will assume that the problem is caused by the virus protection software and will request that the software be removed before additional investigation is conducted.

Additional or updated information on this can be found under the link in section 8.1.2.4

3.3.3.1Procedure in Connection with OpenScape Office HX/LX

Before any installation is performed, the need for a virus scanner on the OpenScape Office server PC must always be clarified in advance with customers and their network or IT administrators.
The following aspects must be taken into account when assessing the risks for the OpenScape Office server.

• 
  The used operating system is Linux.
  
• 
  The integrated Linux firewall is enabled after the OpenScape Office installation (OSP LX only).
  
• 
  The integrated Intrusion Detection System (AppArmor) is enabled after the OpenScape Office installation.
  
• 
  No e-mail server is installed on the OpenScape Office computer.
  
• 
  A web server is used for the OpenScape Office administration and to provide Mobility features.
  
• 
  Optionally, an Internet connection may be set up for:
  
  • 
    the use of OSO Mobility features
    
  • 
    Linux software updates
    
  • 
    OpenScape Office software updates
    
  • 
    Remote Service (SSDP)
    

In cases where the customer demands the use of a virus scanner, the following applies:

• 
  The use and operation of the virus scanner are the sole responsibility of the customer.
  
• 
  SEN may request the removal of the virus scanner for diagnostic purposes.
  
• 
  The virus scanner used in the SEN regression tests should preferably be used.
  

OpenScape Office HX V2	OpenScape Office LX
Trend Micro Server Protect for Linux	Trend Micro Server Protect for Linux

The current version of the virus scanner can be obtained from the release notes of the used OpenScape Office version if required.

In order to prevent potential performance problems resulting from the use of the virus scanner, the regular disk scans should be scheduled for times when the OpenScape Office application is not being used or is only used at a minimum.

3.3.4Using the Firewall

Unauthorized outside access to the OpenScape Office server (e.g., via http) must always be prevented by a firewall. The internal Linux firewall is installed during the SLES installation. It is recommended to use this firewall. The installation routine of OpenScape Office configures the firewall automatically. After the installation of OpenScape Office, the firewall is enabled.
If the customer uses some other protection functions in the network, the Linux firewall can be disabled if required.

Download 391.26 Kb.

Share with your friends: