HP Matrix Operating Environment Software User Manual


A HP Operations Orchestration communication security

This appendix describes the security of the interaction between HP Insight Orchestration and HP
Operations Orchestration.
HP Insight Orchestration integrates with HP Operations Orchestration. Operations Orchestration
provides customizable workflows that can be called at various points during the life of an
infrastructure service. Information about the infrastructure service is exchanged between Insight
Orchestration and Operations Orchestration using HTTPS and (in some cases) SMTP. By default,
Insight Orchestration and Operations Orchestration run on the same Central Management Server
(CMS); however, they may be configured to run on different servers and exchange data across a
potentially hostile network.
Actions taken by Insight Orchestration and Operations Orchestration are logged.
HP recommends:

Only trusted administrators have a login on the CMS (default behavior)

The Insight Orchestration and Operations Orchestration configuration files are available only
to trusted administrators (default behavior)

Insight Orchestration template creation and Operations Orchestration flow customization be
limited to trusted architects (this is default behavior)

Insight Orchestration and Operations Orchestration are connected by a trusted corporate
network and not a public or potentially hostile internet (by default Insight Orchestration and
Operations Orchestration are installed on the same server)

Insight Orchestration Operations Orchestration interaction

There are two types of interactions between Insight Orchestration and Operations Orchestration.

Administrative Actions
Operations Orchestration Workflows invoked during the lifecycle of an infrastructure service
that perform administrative actions and are configured in
Insight Orchestration\conf\hpio.properties.

Service Actions (see “Service actions”)

Operations Orchestration Workflows assigned to an infrastructure service template by the
Insight Orchestration architect. The architect assigns workflows at specific points of the
infrastructure service lifecycle.

Data passed by Insight Orchestration to Operations Orchestration

The data exchanged between Insight Orchestration and Operations Orchestration includes:

Date – The date the Operations Orchestration flow was invoked.

User Token – A unique string used to authenticate a response from the user.

Request XML – Data about an infrastructure service including the servers, disks, networks and
storage it uses, as well as the name of the user of the service.

User XML – Data about an Insight Orchestration user including username, email address, last
login time and user token (this token cannot be used to connect to Insight Orchestration without
username and password).

Disk or Server identifier

Server Group Name

Network Interface Card (NIC) identifier

Service action workflows must receive the following parameters:

Request XML – The XML that represents the infrastructure; for example:
