Information security – HP Matrix Operating Environment Software User Manual


Table 9 Resources visible to service provider and organization administrators and users (continued)

Row continued from the previous page (cell fragments): administrator (published only); administrator (published and unpublished); visible if published AND the template is; service provider user/group access; assigned to the user/group

| Resource | Origination | Service provider administrator controls | Service provider user access | Organization administrator access | Organization user/group access |
|---|---|---|---|---|---|
| Networks | Created or discovered by IO; can be edited by service provider administrator | Assign to one or more organizations ¹ | No restrictions | Visible if assigned to the organization by the service provider administrator | Visible if assigned to the organization by the organization administrator |
| Compute resources (physical servers, VM Hosts, ESX resource pools, and cloud resources) ² | Discovered by IO | Keep at service provider or assign to one organization | Visible if resource is kept at the service provider level and the user is assigned to the pool containing the resource by the service provider administrator | Visible if assigned to the organization by the service provider administrator | Visible if assigned to the organization and the user is assigned to the pool containing the resource by the organization administrator |
| Storage pool entries | Automatically generated by Matrix OE, or created by service provider administrator using Matrix OE logical server management, optionally using Storage Provisioning Manager | Allocate a separate storage tag to each organization. Match logical disk tags with storage pool entry tags, or choose the appropriate SPM storage template using tags in the IO template | | | |

¹ IO does not include or preclude active firewalling between VLANs.

² Storage management for physical server blades can be performed only by the service provider administrator.
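The compute resources row of Table 9, written as a check that compares what each account was observed to see against what the table allows. This is an added example, not HP code; the role labels, the `pool_members` field and all account, organization and resource names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str
    role: str                  # "sp_user", "org_admin" or "org_user" (hypothetical labels)
    org: "str | None" = None   # None for service provider users

@dataclass(frozen=True)
class ComputeResource:
    name: str
    owner_org: "str | None"    # None = kept at the service provider level
    pool_members: frozenset    # users assigned to the pool containing the resource

def expected_visible(p, r):
    """Compute resources row of Table 9, one branch per access column."""
    in_pool = p.name in r.pool_members
    if p.role == "sp_user":
        return r.owner_org is None and in_pool
    same_org = r.owner_org is not None and r.owner_org == p.org
    if p.role == "org_admin":
        return same_org
    return p.role == "org_user" and same_org and in_pool  # any other role: deny

def audit(principals, resources, observed):
    """Return (principal, resource) pairs present in `observed` that the table does not allow."""
    by_name = {r.name: r for r in resources}
    findings = []
    for p in principals:
        for res_name in sorted(observed.get(p.name, ())):
            r = by_name.get(res_name)
            if r is None or not expected_visible(p, r):  # unknown resources are flagged too
                findings.append((p.name, res_name))
    return findings

# Constructed sample data: names are made up; OBSERVED is what a reviewer recorded per account.
PRINCIPALS = [Principal("sp-ops", "sp_user"), Principal("acme-admin", "org_admin", "acme"),
              Principal("acme-dev", "org_user", "acme")]
RESOURCES = [
    ComputeResource("blade-01", None, frozenset({"sp-ops"})),
    ComputeResource("vmhost-07", "acme", frozenset({"acme-dev"})),
    ComputeResource("vmhost-09", "globex", frozenset({"globex-dev"})),
]
OBSERVED = {"sp-ops": {"blade-01"}, "acme-admin": {"vmhost-07"},
            "acme-dev": {"vmhost-07", "vmhost-09"}}  # vmhost-09 belongs to globex

if __name__ == "__main__":
    print(audit(PRINCIPALS, RESOURCES, OBSERVED))
```

Each finding is an account that sees a resource the table would hide from it, which is the cross-organization exposure a tenancy review looks for.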

Information security

The following table shows the information that is visible to the service provider administrator, service
provider user, organization administrator, and organization user.

Service provider administrators and users see messages only related to that organization. To
prevent information from passing from one organization to another through storage, infrastructure
orchestration scrubs both the boot and data disks when a service is deleted.

Only the service provider administrator can log in to the infrastructure orchestration CMS to access
other technologies such as logical server management and Systems Insight Manager, and detailed
infrastructure orchestration logs.

Security in infrastructure orchestration multi-tenancy
