Allowing access between the Internet and computers in a customer network raises valid security concerns which must be addressed. IBM® has taken a number of necessary steps to provide network access for the HMC.
The first security mechanism that is employed to protect the HMC is to only allow VPN sessions or conversations to be initiated from the HMC itself. This means that there are no applications running on the HMC that are "listening" on the TCP/IP ports to establish a VPN session. If a session is needed from the HMC to enable a service action, an IBM Service representative can initiate this session by dialing into the HMC using a non-TCP/IP modem connection and requesting that the HMC establish the session.
This session will, of course, only be initiated to one of the defined TCP/IP addresses that represent the IBM Service centers.
At installation time, the customer can decide to allow a service session to be removed manually only through the HMC interface. These installation options are briefly described below and in more detail in the IBM DS8870 Introduction and Planning Guide.
Once a secure network connection and session are established, the IBM Service personnel can log on to the HMC to collect problem determination information and send this information to the IBM data collection site.
If problem analysis shows that additional actions are needed, the next level of IBM service might require a high level of access to the DS8000. If this if the case, all of the previous security measure also apply, but to obtain a higher level of authorization, the service organization is required to log on to secure user IDs on the HMC. These user IDs are protected by an authentication scheme which requires the IBM Service personnel to access a secure online database within IBM. This level of protection ensures that only active IBM Service personnel have access to this security mechanism and therefore access to request these higher privileged user IDs.
For command-line access from a remote IBM location, Secure Shell (SSH) is used. For SSH client authentication a private/public key algorithm provides maximum security.
There are only two options available for providing service to the DS8000. Those options are for a person to be physically at the HMC, using its local interface, or at the IBM Service center using a VPN interface. Even if the customer, or any other individual, has the necessary tools to connect to the VPN service interface on the HMC, there is no way to establish that connection, because there is no application running on the HMC to accept the connection, only to initiate it. The only option is to instruct the HMC to establish the VPN connection, either through the modem or a locally attached keyboard. The HMC always establishes that session to the defined IBM TCP/IP addresses, not to another server or workstation.